authorDaniel Baumann <daniel.baumann@progress-linux.org>2024-05-05 17:30:18 +0000
committerDaniel Baumann <daniel.baumann@progress-linux.org>2024-05-05 17:30:18 +0000
commit87530b9290c2eacfcdc08c86e41f900016e71fc0 (patch)
treece3e8b732e46912f3e17a20f4a9ec3f43804fb22 /debian
parentAdding upstream version 2:3.87.1. (diff)
Adding debian version 2:3.87.1-1.debian/2%3.87.1-1debian
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'debian')
-rw-r--r--debian/changelog1485
-rw-r--r--debian/control64
-rw-r--r--debian/copyright85
-rw-r--r--debian/libnss3-dev.dirs2
-rw-r--r--debian/libnss3-tools.dirs1
-rw-r--r--debian/libnss3-tools.manpages1
-rw-r--r--debian/libnss3.lintian-overrides.in23
-rw-r--r--debian/libnss3.symbols172
-rw-r--r--debian/make.mk13
-rw-r--r--debian/nss.pc.in11
-rw-r--r--debian/patches/38_hppa.patch17
-rw-r--r--debian/patches/38_hurd.patch59
-rw-r--r--debian/patches/80_security_tools.patch26
-rw-r--r--debian/patches/series3
-rwxr-xr-xdebian/rules197
-rw-r--r--debian/source/format1
-rw-r--r--debian/upstream/metadata4
-rw-r--r--debian/watch3
18 files changed, 2167 insertions, 0 deletions
diff --git a/debian/changelog b/debian/changelog
new file mode 100644
index 0000000..200330b
--- /dev/null
+++ b/debian/changelog
@@ -0,0 +1,1485 @@
+nss (2:3.87.1-1) unstable; urgency=medium
+
+ * New upstream release.
+ * Fixes CVE-2023-0767: Arbitrary memory write via PKCS 12 in NSS.
+
+ -- Mike Hommey <glandium@debian.org> Wed, 15 Feb 2023 09:22:38 +0900
+
+nss (2:3.87-1) unstable; urgency=medium
+
+ * New upstream release.
+
+ -- Mike Hommey <glandium@debian.org> Wed, 18 Jan 2023 07:02:20 +0900
+
+nss (2:3.85-1) unstable; urgency=medium
+
+ * New upstream release.
+
+ -- Mike Hommey <glandium@debian.org> Wed, 16 Nov 2022 09:15:28 +0900
+
+nss (2:3.83-1) unstable; urgency=medium
+
+ * New upstream release.
+
+ -- Mike Hommey <glandium@debian.org> Sun, 18 Sep 2022 06:33:16 +0900
+
+nss (2:3.82-1) unstable; urgency=medium
+
+ * New upstream release.
+ * debian/libnss3.symbols: Add NSSUTIL_3.82 symbol version.
+
+ -- Mike Hommey <glandium@debian.org> Wed, 24 Aug 2022 07:00:08 +0900
+
+nss (2:3.81-2) unstable; urgency=medium
+
+ * debian/rules: Disable -Werror on less mainline architectures.
+
+ -- Mike Hommey <glandium@debian.org> Sun, 14 Aug 2022 05:45:08 +0900
+
+nss (2:3.81-1) unstable; urgency=medium
+
+ * New upstream release.
+ * debian/libnss3.symbols: Add NSS_3.80 symbol version.
+
+ -- Mike Hommey <glandium@debian.org> Wed, 27 Jul 2022 10:19:59 +0900
+
+nss (2:3.79-1) unstable; urgency=medium
+
+ * New upstream release.
+ * debian/libnss3.symbols: Add NSS_3.79 symbol version.
+ * debian/control: Bump nspr build dependency.
+
+ -- Mike Hommey <glandium@debian.org> Wed, 01 Jun 2022 06:30:56 +0900
+
+nss (2:3.77-1) unstable; urgency=medium
+
+ * New upstream release.
+ * debian/libnss3.symbols: Add NSS_3.77 symbol version.
+
+ -- Mike Hommey <glandium@debian.org> Wed, 06 Apr 2022 09:18:22 +0900
+
+nss (2:3.75-1) unstable; urgency=medium
+
+ * New upstream release.
+
+ -- Mike Hommey <glandium@debian.org> Wed, 09 Feb 2022 08:46:51 +0900
+
+nss (2:3.73.1-1) unstable; urgency=medium
+
+ * New upstream release.
+
+ -- Mike Hommey <glandium@debian.org> Fri, 17 Dec 2021 06:16:55 +0900
+
+nss (2:3.73-1) unstable; urgency=medium
+
+ * New upstream release.
+ * Fixes MFSA-2021-51, aka CVE-2021-43527: Memory corruption via DER-encoded
+ DSA and RSA-PSS signatures.
+
+ -- Mike Hommey <glandium@debian.org> Thu, 02 Dec 2021 06:04:31 +0900
+
+nss (2:3.72-2) unstable; urgency=medium
+
+ * debian/control: libnss3-dev breaks libxmlsec1-dev (<< 1.2.33-1).
+ Closes: #998733.
+
+ -- Mike Hommey <glandium@debian.org> Fri, 12 Nov 2021 06:21:05 +0900
+
+nss (2:3.72-1) unstable; urgency=medium
+
+ * New upstream release.
+ * debian/libnss3.symbols, nss/lib/ssl/sslinfo.c, nss/lib/ssl/sslt.h,
+ nss/cmd/selfserv/selfserv.c, nss/cmd/strsclnt/strsclnt.c,
+ nss/cmd/tstclnt/tstclnt.c: Bump dependency version for SSL_GetChannelInfo
+ symbol and remove the previous workaround. Closes: #990058.
+ * debian/libnss3.lintian-overrides.in, debian/rules,
+ nss/cmd/shlibsign/shlibsign.c, nss/lib/pk11wrap/pk11load.c,
+ nss/lib/util/secload.c, nss/cmd/shlibsign/Makefile,
+ nss/cmd/shlibsign/manifest.mn: Stop putting freebl, softokn, etc. in a
+ subdirectory. It's a deviation from upstream that is causing more problems
+ than it's worth keeping. Closes: #737855, #846012, #979159.
+ * debian/libnss3-dev.links.in: Remove xulrunner-nss.pc.
+ * debian/rules: Stop forcing xz compression.
+ * debian/copyright: Add dot for continuation.
+ * debian/watch: Upgrade to version 4.
+ * debian/control: Upgrade Standard-Version to 4.6.0:
+ - debian/rules: Build with `make -s` when DEB_BUILD_OPTIONS contains
+ terse.
+ - debian/control: Add Rules-Requires-Root: no.
+ * debian/control: Remove conflict with libnss3-1d. The last Debian version
+ with libnss3-1d was jessie, and it had a newer version anyways.
+ * debian/rules: Enable all hardening options.
+ * debian/libnss3-symbols: Add Build-Depends-Package in symbols file.
+ * debian/*.lintian-overrides*: Remove
+ copyright-refers-to-versionless-license-file lintian overrides.
+ * debian/libnss3.lintian-overrides.in:
+ - s/shlib-without-versioned-soname/shared-library-lacks-version/.
+ - Add lacks-unversioned-link-to-shared-library overrides.
+ * debian/nss-config.in, debian/rules: Ship upstream nss-config instead of
+ ours. Closes: #737855, #963136.
+ * debian/rules, debian/control: Always set Multi-Arch: same.
+ * debian/copyright:
+ - Remove commas in `Files`.
+ - Add missing license name for ifparser.
+ - Add missing `Copyright`.
+ - Remove copyright for mkdepend, which is not in the source tree anymore.
+ * debian/upstream/metadata: Add upstream bug tracking metadata.
+
+ [ Daniel Kahn Gillmor ]
+ * debian/control: correct Homepage (old URL redirects to 404)
+
+ [ Janitor ]
+ * debian/changelog: Trim trailing whitespace.
+ * debian/copyright: Use secure copyright file specification URI.
+ * debian/compat, debian/control:
+ - Bump debhelper from deprecated 9 to 13.
+ - Set debhelper-compat version in Build-Depends.
+ * debian/upstream/metadata: Set upstream metadata fields: Repository.
+ * debian/rules: Drop transition for old debug package migration.
+
+ -- Mike Hommey <glandium@debian.org> Tue, 02 Nov 2021 06:57:06 +0900
+
+nss (2:3.70-1) unstable; urgency=medium
+
+ * New upstream release.
+
+ -- Mike Hommey <glandium@debian.org> Wed, 08 Sep 2021 08:31:23 +0900
+
+nss (2:3.68-1) unstable; urgency=medium
+
+ * New upstream release.
+
+ -- Mike Hommey <glandium@debian.org> Mon, 19 Jul 2021 06:23:39 +0900
+
+nss (2:3.67-2) unstable; urgency=medium
+
+ * nss/lib/ssl/sslinfo.c, nss/lib/ssl/sslt.h, nss/cmd/selfserv/selfserv.c,
+ nss/cmd/strsclnt/strsclnt.c, nss/cmd/tstclnt/tstclnt.c: Make
+ SSL_GetChannelInfo ABI compatible with older versions by default. Nothing
+ else than NSS itself currently uses the new field. Closes: #990059.
+
+ -- Mike Hommey <glandium@debian.org> Mon, 05 Jul 2021 07:58:02 +0900
+
+nss (2:3.67-1) unstable; urgency=medium
+
+ * New upstream release. Fixes: #989410.
+
+ -- Mike Hommey <glandium@debian.org> Fri, 11 Jun 2021 09:58:51 +0900
+
+nss (2:3.66-1) unstable; urgency=medium
+
+ * New upstream release.
+ * debian/libnss3.symbols: Add NSS_3.65/NSS_3.66 symbol versions.
+
+ -- Mike Hommey <glandium@debian.org> Wed, 02 Jun 2021 05:53:44 +0900
+
+nss (2:3.63-1) unstable; urgency=medium
+
+ * New upstream release. Fixes: #984657.
+
+ -- Mike Hommey <glandium@debian.org> Wed, 24 Mar 2021 12:51:23 +0900
+
+nss (2:3.61-1) unstable; urgency=medium
+
+ * New upstream release.
+
+ -- Mike Hommey <glandium@debian.org> Mon, 08 Feb 2021 06:10:24 +0900
+
+nss (2:3.60-1) unstable; urgency=medium
+
+ * New upstream release. Fixes: #977723.
+
+ -- Mike Hommey <glandium@debian.org> Sun, 20 Dec 2020 06:36:28 +0900
+
+nss (2:3.59-1) unstable; urgency=medium
+
+ * New upstream release. Fixes: #972713.
+ * debian/libnss3.symbols: Add NSS_3.59/NSSUTIL_3.59 symbol version.
+
+ -- Mike Hommey <glandium@debian.org> Wed, 18 Nov 2020 07:26:57 +0900
+
+nss (2:3.58-1) unstable; urgency=medium
+
+ * New upstream release.
+ * debian/libnss3.symbols: Add NSS_3_58 symbol version.
+
+ -- Mike Hommey <glandium@debian.org> Wed, 21 Oct 2020 08:04:53 +0900
+
+nss (2:3.56-1) unstable; urgency=medium
+
+ * New upstream release.
+
+ -- Mike Hommey <glandium@debian.org> Thu, 03 Sep 2020 10:55:04 +0900
+
+nss (2:3.55-1) unstable; urgency=medium
+
+ * New upstream release.
+ * debian/libnss3.symbols: Add NSS_3_55 symbol version.
+
+ -- Mike Hommey <glandium@debian.org> Wed, 29 Jul 2020 14:00:17 +0900
+
+nss (2:3.53.1-1) unstable; urgency=medium
+
+ * New upstream release.
+ * Fixes CVE-2020-12402. Closes: #963152.
+
+ -- Mike Hommey <glandium@debian.org> Mon, 22 Jun 2020 06:09:24 +0900
+
+nss (2:3.53-1) unstable; urgency=medium
+
+ * New upstream release.
+ * Fixes CVE-2020-12399. Closes: #961752.
+ * debian/libnss3.symbols: Add NSS_3_53 symbol version.
+ * nss/lib/freebl/Makefile, nss/lib/freebl/manifest.mn: Move seed.o back
+ into freeblpriv3. bz#1642146.
+ * nss/cmd/shlibsign/Makefile: Avoid infinite recursion when CHECKLOC is
+ not set. bz#1642153.
+
+ -- Mike Hommey <glandium@debian.org> Sun, 31 May 2020 06:32:53 +0900
+
+nss (2:3.52-1) unstable; urgency=medium
+
+ * New upstream release.
+ * debian/libnss3.symbols: Add NSS_3_52 symbol version.
+
+ -- Mike Hommey <glandium@debian.org> Wed, 06 May 2020 06:06:43 +0900
+
+nss (2:3.51-1) unstable; urgency=medium
+
+ * New upstream release.
+
+ -- Mike Hommey <glandium@debian.org> Wed, 08 Apr 2020 11:14:44 +0900
+
+nss (2:3.50-1) unstable; urgency=medium
+
+ * New upstream release.
+
+ -- Mike Hommey <glandium@debian.org> Wed, 12 Feb 2020 09:06:51 +0900
+
+nss (2:3.49.1-1) unstable; urgency=medium
+
+ * New upstream release.
+ * nss/lib/freebl/Makefile: Revert change from 2:3.48-1.
+ * nss/coreconf/config.gypi, nss/lib/freebl/Makefile,
+ nss/lib/freebl/aes-armv8.c, nss/lib/freebl/freebl.gyp,
+ nss/lib/freebl/gcm-arm32-neon.c, nss/lib/freebl/gcm.c,
+ nss/lib/freebl/rijndael.c: Fix freebl arm NEON code use, fixing FTBFS
+ on armhf, and enabling runtime detection of NEON on armel. bz#1608327
+
+ -- Mike Hommey <glandium@debian.org> Wed, 22 Jan 2020 15:13:40 +0900
+
+nss (2:3.49-1) unstable; urgency=medium
+
+ * New upstream release.
+ * Fixes CVE-2019-17023.
+
+ -- Mike Hommey <glandium@debian.org> Thu, 09 Jan 2020 13:46:11 +0900
+
+nss (2:3.48-1) unstable; urgency=medium
+
+ * New upstream release. Closes: #947131.
+ * debian/control: Bump nspr build dependency to 4.24.
+ * nss/lib/freebl/Makefile: Disable hardware AES on ARM softfloat to fix
+ FTBFS on armel. Closes: #947246.
+
+ -- Mike Hommey <glandium@debian.org> Sun, 29 Dec 2019 07:40:46 +0900
+
+nss (2:3.47.1-1) unstable; urgency=medium
+
+ * New upstream release.
+ - Fixes CVE-2019-11745.
+
+ -- Mike Hommey <glandium@debian.org> Wed, 04 Dec 2019 09:00:54 +0900
+
+nss (2:3.47-1) unstable; urgency=medium
+
+ * New upstream release.
+ * debian/libnss3.symbols: Add NSS_3_47 symbol version.
+
+ -- Mike Hommey <glandium@debian.org> Wed, 23 Oct 2019 11:19:59 +0900
+
+nss (2:3.45-1) unstable; urgency=medium
+
+ * New upstream release.
+ - Fixes CVE-2019-11727 and CVE-2019-11719.
+ * debian/libnss3.symbols: Add NSS_3_45 symbol version.
+
+ -- Mike Hommey <glandium@debian.org> Wed, 10 Jul 2019 07:34:18 +0900
+
+nss (2:3.44+really3.42.1-2) unstable; urgency=medium
+
+ * debian/rules: Fix version exposed in nss-config and nss.pc.
+
+ -- Mike Hommey <glandium@debian.org> Wed, 05 Jun 2019 06:36:00 +0900
+
+nss (2:3.44.0-1) experimental; urgency=medium
+
+ * debian/libnss3.symbols:
+ - Update the version needed for
+ SSL_Get{CipherSuite,Channel,PreliminaryChannel}Info.
+ - Adjust versions so that 3.44+really3.42.1-1 is considered older where it
+ matters.
+
+ -- Mike Hommey <glandium@debian.org> Sun, 02 Jun 2019 13:06:26 +0900
+
+nss (2:3.44+really3.42.1-1) unstable; urgency=medium
+
+ * Reverse to 3.42.1. Building against 3.44 induces some behavior
+ differences when running against older versions, which could normally
+ be solved with updates to the symbols file, but since 3.44 is not meant
+ to ship in Buster, avoid disruption for nss reverse dependencies until
+ Buster is released by going back to previous version.
+
+ -- Mike Hommey <glandium@debian.org> Sun, 02 Jun 2019 12:42:20 +0900
+
+nss (2:3.44-1) unstable; urgency=medium
+
+ * New upstream release.
+ * debian/libnss3.symbols: Add NSS_3_43 and NSS_3_44 symbol versions.
+
+ -- Mike Hommey <glandium@debian.org> Sat, 01 Jun 2019 11:12:17 +0900
+
+nss (2:3.42.1-1) unstable; urgency=medium
+
+ * New upstream release.
+ - Fixes CVE-2018-18508. Closes: #921614.
+
+ -- Mike Hommey <glandium@debian.org> Wed, 13 Feb 2019 13:19:39 +0900
+
+nss (2:3.42-1) unstable; urgency=medium
+
+ * New upstream release.
+
+ -- Mike Hommey <glandium@debian.org> Wed, 30 Jan 2019 16:47:58 +0900
+
+nss (2:3.41-1) unstable; urgency=medium
+
+ * New upstream release.
+
+ -- Mike Hommey <glandium@debian.org> Wed, 12 Dec 2018 14:13:39 +0900
+
+nss (2:3.40-1) unstable; urgency=medium
+
+ * New upstream release.
+
+ -- Mike Hommey <glandium@debian.org> Fri, 02 Nov 2018 14:44:19 +0900
+
+nss (2:3.39-1) unstable; urgency=medium
+
+ * New upstream release.
+ - Fixes CVE-2018-12384. Closes: #908332.
+ * debian/libnss3.symbols: Add NSS_3_39 and NSSUTIL_3_39 symbol versions.
+
+ -- Mike Hommey <glandium@debian.org> Sun, 09 Sep 2018 08:03:39 +0900
+
+nss (2:3.38-1) unstable; urgency=medium
+
+ * New upstream release.
+ * debian/libnss3.symbols: Add NSSUTIL_3_38 symbol version.
+
+ -- Mike Hommey <glandium@debian.org> Mon, 25 Jun 2018 07:26:21 +0900
+
+nss (2:3.37.1-1) unstable; urgency=medium
+
+ * New upstream release.
+ * nss/lib/freebl/Makefile: Build FStar.c when not building with int128
+ support. bz#1459739. Closes: #900227
+
+ -- Mike Hommey <glandium@debian.org> Mon, 28 May 2018 07:58:44 +0900
+
+nss (2:3.37-1) unstable; urgency=medium
+
+ * New upstream release. Fixes: #898496.
+ * debian/control, debian/rules: Generate dbgsym package.AA
+ * debian/copyright: Switch to machine-readable format.
+ * debian/control: Bump Standards-Version to 4.1.4.
+
+ -- Mike Hommey <glandium@debian.org> Mon, 14 May 2018 07:15:21 +0900
+
+nss (2:3.36.1-1) unstable; urgency=medium
+
+ * New upstream release.
+ * debian/control: Update Maintainer and Vcs fields, moving off alioth.
+
+ -- Mike Hommey <glandium@debian.org> Tue, 10 Apr 2018 14:55:14 +0900
+
+nss (2:3.36-1) unstable; urgency=medium
+
+ * New upstream release. Closes: #894981.
+
+ -- Mike Hommey <glandium@debian.org> Sun, 08 Apr 2018 06:53:15 +0900
+
+nss (2:3.35-2) unstable; urgency=medium
+
+ * nss/lib/freebl/Makefile: Build Hacl_Poly1305_64.o on arm64.
+
+ -- Mike Hommey <glandium@debian.org> Mon, 29 Jan 2018 13:51:18 +0900
+
+nss (2:3.35-1) unstable; urgency=medium
+
+ * New upstream release.
+
+ -- Mike Hommey <glandium@debian.org> Mon, 29 Jan 2018 10:59:06 +0900
+
+nss (2:3.34.1-1) unstable; urgency=medium
+
+ * New upstream release.
+
+ -- Mike Hommey <glandium@debian.org> Fri, 05 Jan 2018 20:15:40 +0900
+
+nss (2:3.34-1) unstable; urgency=medium
+
+ * New upstream release:
+ - Really build without -maes on i386. Closes: #875694.
+ * debian/libnss3.symbols: Add NSS_3_34 symbol version.
+
+ -- Mike Hommey <glandium@debian.org> Sat, 18 Nov 2017 14:58:01 +0900
+
+nss (2:3.33-1) unstable; urgency=medium
+
+ * New upstream release.
+ * debian/libnss3.symbols: Add NSS_3_33 and NSSUTIL_3.33 symbol versions.
+
+ -- Mike Hommey <glandium@debian.org> Fri, 29 Sep 2017 06:49:26 +0900
+
+nss (2:3.32-2) unstable; urgency=medium
+
+ * nss/gtests/ssl_gtest/ssl_ecdh_unittest.cc: Fix possibly uninitialized
+ value 'curve'. bz#1389263. Closes: #871691.
+ * lib/freebl/Makefile: Only build gcm.c and rijndael.c with -maes.
+ Closes: #871700.
+
+ -- Mike Hommey <glandium@debian.org> Mon, 28 Aug 2017 07:39:59 +0900
+
+nss (2:3.32-1) unstable; urgency=medium
+
+ * New upstream release.
+
+ -- Mike Hommey <glandium@debian.org> Thu, 10 Aug 2017 15:29:40 +0900
+
+nss (2:3.31-1) unstable; urgency=medium
+
+ * New upstream release.
+ * debian/libnss3.symbols: Add NSS_3_31 and NSSUTIL_3.31 symbol versions.
+
+ -- Mike Hommey <glandium@debian.org> Sat, 17 Jun 2017 06:41:41 +0900
+
+nss (2:3.30.2-1) experimental; urgency=medium
+
+ * New upstream release.
+
+ -- Mike Hommey <glandium@debian.org> Fri, 19 May 2017 14:06:03 +0900
+
+nss (2:3.30.1-1) experimental; urgency=medium
+
+ * New upstream release.
+
+ -- Mike Hommey <glandium@debian.org> Wed, 19 Apr 2017 20:09:48 +0900
+
+nss (2:3.30-1) experimental; urgency=medium
+
+ * New upstream release.
+ * debian/libnss3.symbols: Add NSS_3.30 and NSS_3.30.0.1 symbol versions.
+
+ -- Mike Hommey <glandium@debian.org> Sat, 18 Mar 2017 15:34:23 +0900
+
+nss (2:3.29.1-1) experimental; urgency=medium
+
+ * New upstream release.
+
+ -- Mike Hommey <glandium@debian.org> Sat, 25 Feb 2017 09:27:44 +0900
+
+nss (2:3.29-1) experimental; urgency=medium
+
+ * New upstream release.
+ * debian/libnss3.symbols: Add NSSUTIL_3.25 symbol version.
+
+ -- Mike Hommey <glandium@debian.org> Mon, 13 Feb 2017 07:42:36 +0900
+
+nss (2:3.28.1-1) experimental; urgency=medium
+
+ * New upstream release.
+ * debian/libnss3.symbols: Add NSS_3.28 symbol version.
+
+ -- Mike Hommey <glandium@debian.org> Sun, 05 Feb 2017 15:01:47 +0900
+
+nss (2:3.27.1-1) experimental; urgency=medium
+
+ * New upstream release.
+ * debian/libnss3.symbols: Add NSS_3.27 symbol version.
+
+ -- Mike Hommey <glandium@debian.org> Sat, 19 Nov 2016 08:29:17 +0900
+
+nss (2:3.26.2-1) unstable; urgency=medium
+
+ * New upstream release.
+
+ -- Mike Hommey <glandium@debian.org> Sun, 30 Oct 2016 07:20:34 +0900
+
+nss (2:3.26-2) unstable; urgency=medium
+
+ * debian/libnss3.symbols: SSL_GetCipherSuiteInfo and SSL_GetChannelInfo need
+ newer versions despite the symbol versions.
+
+ -- Mike Hommey <glandium@debian.org> Wed, 21 Sep 2016 10:02:23 +0900
+
+nss (2:3.26-1) unstable; urgency=medium
+
+ * New upstream release.
+ * debian/watch: Update such that uscan --download-version works.
+ * debian/control, debian/libnss3-1d.*, debian/libnss3.symbols: Remove the
+ libnss3-1d* transitional packages.
+ * debian/rules:
+ - Always set CCC to CXX. Thanks Helmut Grohne. Closes: #806292.
+ - Override KERNEL when cross building for a different OS. Closes: #810579.
+ * debian/control: Split Depends/Build-Depends/Conflicts. Thanks Guido Günther.
+ Closes: #806634.
+
+ -- Mike Hommey <glandium@debian.org> Tue, 16 Aug 2016 16:33:15 +0900
+
+nss (2:3.25-1) unstable; urgency=medium
+
+ * New upstream release.
+ * debian/libnss3.symbols, debian/rules: Add the new libfreeblpriv3 library.
+ * debian/libnss3.symbols: Add NSS_3.24 and NSSUTIL_3.24 symbol versions.
+
+ -- Mike Hommey <glandium@debian.org> Wed, 03 Aug 2016 10:23:13 +0900
+
+nss (2:3.23-2) unstable; urgency=medium
+
+ * debian/control, debian/rules: Leave it to dh_makeshlibs to do the right
+ thing wrt ldconfig. This requires debhelper 9.20160403. Closes: #811124.
+
+ -- Mike Hommey <glandium@debian.org> Sun, 03 Apr 2016 18:29:02 +0900
+
+nss (2:3.23-1) unstable; urgency=medium
+
+ * New upstream release.
+ * Fixes mfsa2016-{35-36} also known as CVE-2016-1950 and CVE-2016-1979.
+ * debian/control: Bump nspr build dependency to 2:4.12.
+ * debian/libnss3.symbols: Add NSS_3.22 and NSS_3.23 symbol versions.
+
+ -- Mike Hommey <glandium@debian.org> Wed, 09 Mar 2016 13:52:06 +0900
+
+nss (2:3.21-1.1) unstable; urgency=medium
+
+ * Non-maintainer upload.
+ * Fix FTBFS on x32. Closes: #699217
+ * Fix FTBFS on hppa. Closes: #808990
+
+ -- Adam Borowski <kilobyte@angband.pl> Sun, 14 Feb 2016 14:46:40 +0100
+nss (2:3.21-1) unstable; urgency=medium
+
+ * New upstream release.
+ * nss/lib/ssl/sslsock.c: Disable transitional scheme for SSL renegotiation.
+ 5 years after the transition started, it shouldn't be necessary anymore.
+ * nss/lib/ckfw/builtins/certdata.txt: Remove the SPI CA.
+ * nss/lib/util/secload.c: Fix a warning introduced by our patch to this file.
+ * debian/libnss3.symbols: Add NSS_3.21 symbol versions.
+
+ -- Mike Hommey <glandium@debian.org> Wed, 25 Nov 2015 09:18:30 +0900
+
+nss (2:3.20.1-1) unstable; urgency=high
+
+ * New upstream release.
+ * Fixes mfsa2015-133. also known as CVE-2015-7181 and CVE-2015-7182.
+
+ -- Mike Hommey <glandium@debian.org> Wed, 04 Nov 2015 09:53:32 +0900
+
+nss (2:3.20-1) unstable; urgency=medium
+
+ * New upstream release.
+ * Removed patch for __DATE__ and __TIME__ references from 2:3.19.1-1 because
+ the parts that matter were applied upstream.
+ * debian/rules: Move USE_64 to common make flags, and always use
+ DEB_HOST_ARCH_BITS since it's even supported by dpkg in oldstable, now.
+ * debian/libnss3.symbols: Add NSS_3.20 symbol versions.
+
+ -- Mike Hommey <glandium@debian.org> Sat, 22 Aug 2015 09:02:11 +0900
+
+nss (2:3.19.2-1) unstable; urgency=medium
+
+ * New upstream release.
+ * debian/rules: Force set OS_TEST to DEB_HOST_GNU_CPU to avoid it defaulting
+ to `uname -m`. Thanks Helmut Grohne. Closes: #788452
+
+ -- Mike Hommey <glandium@debian.org> Sun, 21 Jun 2015 06:30:13 +0900
+
+nss (2:3.19.1-2) unstable; urgency=medium
+
+ * debian/control: Fix Vcs-Git url.
+ * nss/cmd/shlibsign/manifest.mn: Fix missing LIBRARY_VERSION.
+ * nss/cmd/shlibsign/shlibsign.c: Fix shlibsign on arm64.
+
+ -- Mike Hommey <glandium@debian.org> Mon, 01 Jun 2015 16:25:07 +0900
+
+nss (2:3.19.1-1) unstable; urgency=medium
+
+ * New upstream release.
+ * debian/libnss3.symbols:
+ - Add NSS_3.19.1 symbol versions.
+ - Reorder and replace *@ with (symver).
+ * debian/rules:
+ - Pass multi-arch dir for NSPR_LIB_DIR. Closes: #722811.
+ - Set umask when calling shlibsign, and rearrange how it's being called.
+ - Build nsinstall separately and set things up for cross-compilations.
+ - Use native shlibsign when cross-compiling.
+ - Do not run FIPS check on cross-builds.
+ * debian/control: Build depend on native libnss3-tools for cross builds.
+ Closes: #682926.
+ * debian/libnss3-tools.manpages, debian/rules: Install the manpages that
+ are now provided upstream. Closes: #505382.
+ * debian/control: Update Vcs-* urls.
+ * debian/control: Bump Standards-Version to 3.9.6.0. No changes required.
+ * nss/lib/ckfw/builtins/binst.c, nss/lib/ckfw/builtins/ckbiver.c,
+ nss/lib/ckfw/builtins/manifest.mn, nss/lib/ckfw/capi/ckcapiver.c,
+ nss/lib/ckfw/capi/manifest.mn, nss/lib/ckfw/nssmkey/ckmkver.c,
+ nss/lib/ckfw/nssmkey/manifest.mn, nss/lib/freebl/freeblver.c,
+ nss/lib/freebl/ldvector.c, nss/lib/freebl/manifest.mn,
+ nss/lib/nss/manifest.mn, nss/lib/nss/nssinit.c, nss/lib/nss/nssver.c,
+ nss/lib/smime/manifest.mn, nss/lib/smime/smimeutil.c,
+ nss/lib/smime/smimever.c, nss/lib/softoken/legacydb/lginit.c,
+ nss/lib/softoken/manifest.mn, nss/lib/softoken/pkcs11.c,
+ nss/lib/softoken/softkver.c, nss/lib/ssl/manifest.mn,
+ nss/lib/ssl/sslcon.c, nss/lib/ssl/sslver.c, nss/lib/util/secoid.c: Remove
+ __DATE__ and __TIME__ references.
+ * nss/cmd/shlibsign/Makefile, nss/cmd/shlibsign/manifest.mn,
+ nss/cmd/shlibsign/shlibsign.c: Fix shlibsign to properly load the sotfoken
+ module.
+ * debian/rules: Remove debian/libnss3/usr/lib/$(DEB_HOST_MULTIARCH)/nss from
+ LD_LIBRARY_PATH when executing shlibsign, which can be done now with the
+ fix above.
+
+ -- Mike Hommey <glandium@debian.org> Mon, 01 Jun 2015 09:47:58 +0900
+
+nss (2:3.19-1) unstable; urgency=medium
+
+ * New upstream release.
+ * debian/libnss3.symbols: Add NSS_3.19 symbol versions.
+
+ -- Mike Hommey <glandium@debian.org> Wed, 13 May 2015 10:47:10 +0900
+
+nss (2:3.18-1) experimental; urgency=medium
+
+ * New upstream release. Closes: #782874.
+ * debian/libnss3.symbols: Add NSS_3.18 symbol versions.
+
+ -- Mike Hommey <glandium@debian.org> Mon, 20 Apr 2015 08:50:46 +0900
+
+nss (2:3.17.4-1) experimental; urgency=medium
+
+ * New upstream release.
+ * Acknowledge NMU.
+
+ -- Mike Hommey <glandium@debian.org> Wed, 25 Feb 2015 16:52:33 +0900
+
+nss (2:3.17.2-1.1) unstable; urgency=medium
+
+ * Non-maintainer upload.
+ * Fix CVE-2014-1569. Closes: #773625.
+
+ -- Matt Kraai <kraai@debian.org> Sun, 21 Dec 2014 19:46:52 -0800
+
+nss (2:3.17.2-1) unstable; urgency=medium
+
+ * New upstream release.
+
+ -- Mike Hommey <glandium@debian.org> Sat, 18 Oct 2014 13:22:04 +0900
+
+nss (2:3.17.1-1) unstable; urgency=high
+
+ * New upstream release.
+ - Fixes CVE-2014-1568.
+ - Add support for ppc64el, with a non-broken patch. Closes: #745757.
+ * debian/libnss3.symbols: Add NSSUTIL_3.17.1 symbol versions.
+
+ -- Mike Hommey <glandium@debian.org> Wed, 24 Sep 2014 22:16:32 +0900
+
+nss (2:3.17-1) unstable; urgency=medium
+
+ * New upstream release.
+ * nss/coreconf/Linux.mk: Actually add support for ppc64el. Closes: #745757.
+
+ -- Mike Hommey <glandium@debian.org> Sun, 24 Aug 2014 08:41:37 +0900
+
+nss (2:3.16.3-1.1) unstable; urgency=low
+
+ * Non-maintainer upload to delayed.
+ * Add support for ppc64el. Closes: #745757
+
+ -- Andreas Barth <aba@ayous.org> Mon, 18 Aug 2014 20:01:00 +0000
+
+nss (2:3.16.3-1) unstable; urgency=medium
+
+ * New upstream release.
+ * debian/libnss3.symbols: Add NSS_3.16.2 symbol versions.
+
+ -- Mike Hommey <glandium@debian.org> Sun, 13 Jul 2014 09:24:12 +0900
+
+nss (2:3.16.1-1) unstable; urgency=medium
+
+ * New upstream release.
+ * debian/libnss3.symbols: Add NSS_3.16.1 symbol versions.
+
+ -- Mike Hommey <glandium@debian.org> Sat, 07 Jun 2014 17:24:57 +0900
+
+nss (2:3.16-1) unstable; urgency=medium
+
+ * New upstream release.
+ * debian/libnss3.symbols: Add NSS_3.16 symbol versions.
+ * nss/lib/ckfw/builtins/certdata.txt: Remove CACert root certificates.
+
+ -- Mike Hommey <glandium@debian.org> Fri, 21 Mar 2014 08:10:24 +0900
+
+nss (2:3.15.4-2) unstable; urgency=high
+
+ * Upstream release 3.15.4 fixed MFSA-2014-12, also known as CVE-2014-1490
+ and CVE-2014-1491. Bumping urgency as such.
+ * debian/control, debian/libnss3-nssdb.*, debian/pkcs11.txt, debian/rules:
+ Revert changes from 2:3.15.4-1. Reopens: #537866, Closes: #735329, #736061.
+
+ -- Mike Hommey <glandium@debian.org> Wed, 05 Feb 2014 16:26:06 +0900
+
+nss (2:3.15.4-1) unstable; urgency=low
+
+ * New upstream release.
+ * Acknowledge NMU.
+ * debian/rules: Avoid long one-liner with semi-colons.
+ * debian/patches/*: Refresh patches.
+ * debian/copyright: Update. Closes: #730428.
+ * debian/control, debian/libnss3-nssdb.*, debian/pkcs11.txt, debian/rules:
+ Add shared cert and key databases. Thanks Timo Aaltonen. Closes: #537866.
+ * debian/rules: Use DEB_HOST_ARCH instead of DEB_BUILD_ARCH.
+ * debian/control: Mark libnss3-dev as Multi-Arch: same. Thanks Shawn
+ Landden. Closes: #682925.
+ * debian/libnss3.symbols: Add NSS_3.15.4 symbol versions.
+
+ -- Mike Hommey <glandium@debian.org> Mon, 13 Jan 2014 10:46:04 +0900
+
+nss (2:3.15.3.1-1.1) unstable; urgency=low
+
+ * Non-Maintainer Upload
+ - ship extra NSS utilities (Closes: #701141)
+
+ -- Daniel Kahn Gillmor <dkg@fifthhorseman.net> Sat, 04 Jan 2014 11:34:41 -0500
+
+nss (2:3.15.3.1-1) unstable; urgency=high
+
+ * New upstream release.
+ - Distrusts AC DG Tresor SSL CA.
+
+ -- Mike Hommey <glandium@debian.org> Sun, 15 Dec 2013 10:09:48 +0900
+
+nss (2:3.15.3-1) unstable; urgency=high
+
+ * New upstream release.
+ - Fixes CVE-2013-1741, CVE-2013-5605, CVE-2013-5606.
+
+ -- Mike Hommey <glandium@debian.org> Sat, 16 Nov 2013 08:50:45 +0900
+
+nss (2:3.15.2-1) unstable; urgency=low
+
+ * New upstream release.
+ - Fixes CVE-2013-1739. Closes: #726473.
+
+ -- Mike Hommey <glandium@debian.org> Mon, 21 Oct 2013 08:05:24 +0900
+
+nss (2:3.15.1-1) unstable; urgency=low
+
+ * New upstream release.
+ * debian/patches/*: Refresh patches.
+ * debian/patches/lower-dhe-priority.patch: Removed, as it was only necessary
+ for Iceweasel 3.5, which is long gone.
+
+ -- Mike Hommey <glandium@debian.org> Mon, 05 Aug 2013 14:41:14 +0900
+
+nss (2:3.15-1) unstable; urgency=low
+
+ * New upstream release.
+ * debian/patches/*: Refresh patches and removed unused ones.
+ * debian/rules: Adjusted to the new source layout.
+ * debian/libnss3.symbols: Add NSS*_3.15 symbol versions.
+ * debian/control: Bump nspr build dependency.
+
+ -- Mike Hommey <glandium@debian.org> Sat, 15 Jun 2013 19:23:12 +0900
+
+nss (2:3.14.3-1) unstable; urgency=high
+
+ * New upstream release.
+ - Fixes TLS timing attack (luck 13). Closes: #699888.
+ * debian/libnss3.symbols: Add NSS_3.14.3 symbol version.
+ * debian/control: Unbump sqlite3 build dependency, 3.14.3 lifted the need
+ for sqlite 3.7.15.
+
+ -- Mike Hommey <glandium@debian.org> Sun, 17 Mar 2013 15:01:06 +0100
+
+nss (2:3.14.2-1) unstable; urgency=low
+
+ * New upstream release.
+ * debian/control: Bump sqlite3 build dependency.
+ * debian/rules: Avoid installing freebl, softokn, nssckbi and nssdbm in two
+ places.
+ * debian/libnss3-1d.lintian-overrides.in: Stop preprocessing, it has nothing
+ to preprocess anymore.
+ * debian/libnss3.lintian-overrides.in: Fix not to contain a reference to the
+ libnss3-1d package.
+
+ -- Mike Hommey <glandium@debian.org> Fri, 15 Feb 2013 10:06:59 +0100
+
+nss (2:3.14.1.with.ckbi.1.93-1) unstable; urgency=low
+
+ * New upstream release.
+ - Explicitly distrust two intermediate CA certificates mis-issued by
+ TURKTRUST.
+ * debian/patches/95_add_spi+cacert_ca_certs.patch: Refreshed.
+
+ -- Mike Hommey <glandium@debian.org> Fri, 04 Jan 2013 11:16:33 +0100
+
+nss (2:3.14.1-1) unstable; urgency=low
+
+ * New upstream release.
+ * debian/patches: Removed patches applied upstream, and refreshed
+ the others.
+ * debian/libnss3.symbols: Updated for new symbols.
+
+ -- Mike Hommey <glandium@debian.org> Sun, 23 Dec 2012 17:40:21 +0100
+
+nss (2:3.14-2) unstable; urgency=low
+
+ * debian/nss-config.in: Fix nss-config when version is in the x.y form
+ instead of x.y.z.
+
+ -- Mike Hommey <glandium@debian.org> Fri, 07 Dec 2012 17:07:05 +0100
+
+nss (2:3.14-1) unstable; urgency=low
+
+ * New upstream release.
+ * debian/patches: Removed patches applied upstream, and refreshed
+ the others.
+ * debian/libnss3.symbols: Updated for new symbols.
+
+ -- Mike Hommey <glandium@debian.org> Thu, 01 Nov 2012 10:37:39 +0100
+
+nss (2:3.13.6-1) unstable; urgency=low
+
+ * New upstream release.
+ * debian/rules: Use xz compression for binary packages.
+ Thanks Ansgar Burchardt. Closes: #683835.
+
+ -- Mike Hommey <glandium@debian.org> Fri, 31 Aug 2012 09:56:53 +0200
+
+nss (2:3.13.5-1) unstable; urgency=low
+
+ * New upstream release.
+
+ -- Mike Hommey <glandium@debian.org> Fri, 15 Jun 2012 09:40:00 +0200
+
+nss (2:3.13.4-3) unstable; urgency=low
+
+ * debian/rules: Skip epoch when getting upstream version number.
+
+ -- Mike Hommey <glandium@debian.org> Sun, 20 May 2012 07:36:11 +0200
+
+nss (2:3.13.4-2) unstable; urgency=low
+
+ * debian/control, debian/libnss3*, debian/rules,
+ mozilla/security/coreconf/*, mozilla/security/nss/lib/*/manifest.mn:
+ Move to unversioned library. ABI compatibility is ensured upstream, and
+ the SO version, if it needed a change at any time, would be a change in
+ the library name. There is no reason to keep making compatibility more
+ difficult with other distros and upstream binary releases. While previous
+ versions were one-way compatible (binaries built against other distros or
+ upstream nspr could work on Debian), this approach works both ways.
+ * debian/control:
+ - Bump Standards-Version to 3.9.3.0. No changes required.
+ - Force to build against libnspr4-dev >= 2:4.9
+ * Removed unapplied patches.
+ * Adding an epoch to match the old libnss3 package that used to be in
+ the Debian archive.
+
+ -- Mike Hommey <glandium@debian.org> Thu, 17 May 2012 09:45:36 +0200
+
+nss (3.13.4-1) unstable; urgency=low
+
+ * New upstream release.
+ - Changed __GNUC_MINOR__ use in pkcs11n.h. Closes: #650319.
+ * mozilla/security/nss/cmd/certcgi/certcgi.c,
+ mozilla/security/nss/cmd/digest/digest.c,
+ mozilla/security/nss/cmd/signver/pk7print.c: Import patch from Moritz
+ Muehlenhoff for hardened format strings.
+ * debian/make.mk, debian/rules, debian/control: Enable hardening.
+ Closes: #657325.
+ * debian/libnss3-1d.lintian-overrides.in, debian/rules: Use wildcards in
+ lintian override. Closes: #670013.
+ * debian/compat, debian/control: Bump debian/compat to 9. This has the
+ effect of using build-id for debug files, thus Closes: #670015.
+ * debian/libnss3-1d.symbols: Add symbols for /usr/lib/nss/ libraries.
+
+ -- Mike Hommey <glandium@debian.org> Sun, 29 Apr 2012 09:48:58 +0200
+
+nss (3.13.3-1) unstable; urgency=low
+
+ * New upstream release.
+ * debian/libnss3-1d.symbols: Updated to fit new upstream.
+
+ -- Mike Hommey <glandium@debian.org> Fri, 24 Feb 2012 09:56:10 +0100
+
+nss (3.13.2~beta1-3) experimental; urgency=low
+
+ * debian/libnss3-1d.symbols: Fix symbol version for the symbol added in
+ -2.
+
+ -- Mike Hommey <glandium@debian.org> Fri, 23 Dec 2011 19:20:23 +0100
+
+nss (3.13.2~beta1-2) experimental; urgency=low
+
+ * mozilla/security/nss/lib/ssl/*,
+ mozilla/security/nss/cmd/tstclnt/tstclnt.c,
+ mozilla/security/nss/tests/ssl/ssl.sh: Apply patches from bz#542832,
+ required for Iceweasel 11.
+ * debian/libnss3-1d.symbols: Add corresponding symbol.
+
+ -- Mike Hommey <glandium@debian.org> Fri, 23 Dec 2011 17:54:03 +0100
+
+nss (3.13.2~beta1-1) experimental; urgency=low
+
+ * New upstream snapshot, picked from NSS_3_13_2_BETA1 cvs tag.
+ * debian/libnss3-1d.symbols: Add NSS 3.13.2 symbols.
+
+ -- Mike Hommey <glandium@debian.org> Fri, 23 Dec 2011 16:22:05 +0100
+
+nss (3.13.1.with.ckbi.1.88-1) unstable; urgency=low
+
+ * New upstream release.
+ - Distrusts malaysian Digicert Sdn. Bhd CA certificate.
+ - Addresses CVE-2011-3640 (Untrusted search path vulnerability).
+ Closes: #647614.
+ * debian/patches/*: Refreshed patches.
+ * debian/libnss3-1d.symbols: Add NSS 3.13 symbols.
+
+ -- Mike Hommey <glandium@debian.org> Sat, 05 Nov 2011 17:05:26 +0100
+
+nss (3.12.11-3) unstable; urgency=high
+
+ * mozilla/security/nss/lib/ckfw/builtins/certdata.*:
+ Explicitely distrust various DigiNotar CAs:
+ - DigiNotar Root CA
+ - DigiNotar Services 1024 CA
+ - DigiNotar Cyber CA
+ - DigiNotar Cyber CA 2nd
+ - DigiNotar PKIoverheid
+ - DigiNotar PKIoverheid G2
+
+ -- Mike Hommey <glandium@debian.org> Sat, 03 Sep 2011 09:33:28 +0200
+
+nss (3.12.11-2) unstable; urgency=high
+
+ * mozilla/security/nss/lib/ckfw/builtins/certdata.*:
+ Remove DigiNotar Root CA.
+
+ -- Mike Hommey <glandium@debian.org> Wed, 31 Aug 2011 08:49:00 +0200
+
+nss (3.12.11-1) unstable; urgency=low
+
+ * New upstream release.
+ * mozilla/security/nss/lib/ckfw/builtins/certdata.*,
+ * mozilla/security/coreconf/{config,Linux}.mk: Refreshed.
+ * debian/copyright: Update dbm license according to that in the source.
+ Closes: #624310
+
+ -- Mike Hommey <glandium@debian.org> Fri, 12 Aug 2011 12:45:08 +0200
+
+nss (3.12.10-3) unstable; urgency=low
+
+ * debian/nss-config.in, debian/nss.pc.in, debian/rules: Return the multiarch
+ path in nss-config and nss.pc.
+
+ -- Mike Hommey <glandium@debian.org> Thu, 21 Jul 2011 18:08:48 +0200
+
+nss (3.12.10-2) unstable; urgency=low
+
+ * debian/control, debian/libnss3-1d.dirs,
+ debian/libnss3-1d.lintian-overrides.in, debian/libnss3-dev.dirs,
+ debian/libnss3-1d.links.in, debian/libnss3-dev.links.in,
+ debian/rules: Switch to multi-arch while keeping backports easy.
+ Closes: #497088.
+
+ -- Mike Hommey <glandium@debian.org> Mon, 04 Jul 2011 11:24:18 +0200
+
+nss (3.12.10-1) unstable; urgency=low
+
+ * New upstream release.
+ * mozilla/security/nss/lib/ckfw/builtins/certdata.*: Refreshed.
+ * debian/control: Build depend on libnspr4-dev >= 4.8.8.
+ * debian/libnss3-1d.symbols: Add new symbol version.
+
+ -- Mike Hommey <glandium@debian.org> Wed, 25 May 2011 10:20:59 +0200
+
+nss (3.12.9.with.ckbi.1.82-1) unstable; urgency=low
+
+ * New upstream release.
+ - Marks fraudulent Comodo certificates as untrusted.
+ * mozilla/security/nss/lib/ckfw/builtins/certdata.*: Refreshed.
+
+ -- Mike Hommey <glandium@debian.org> Thu, 24 Mar 2011 16:37:46 +0100
+
+nss (3.12.9-2) unstable; urgency=low
+
+ * Upload to unstable.
+ * debian/rules: Fallback to DEB_BUILD_ARCH when dpkg-architecture does't
+ support DEB_BUILD_ARCH_BITS.
+ * debian/control: Lower build depends on dpkg-dev to (>= 1.13.19), which
+ was the previous value.
+ * mozilla/security/nss/lib/freebl/unix_rand.c: We don't need to prevent
+ using netstat for entropy seeding. The seeding will stop before netstat
+ if it could get data from /dev/urandom.
+ * mozilla/security/coreconf/Linux.mk: We shouldn't need to special case
+ mips64 anymore.
+ * mozilla/security/nss/cmd/shlibsign/Makefile, debian/rules: Don't rely
+ on patching the source to not create .chk files during build.
+
+ -- Mike Hommey <glandium@debian.org> Sun, 06 Mar 2011 09:58:41 +0100
+
+nss (3.12.9-1) experimental; urgency=low
+
+ * New upstream release.
+
+ -- Mike Hommey <glandium@debian.org> Sat, 15 Jan 2011 11:33:35 +0100
+
+nss (3.12.9~beta2-1) experimental; urgency=low
+
+ * New upstream snapshot, picked from NSS_3_12_9_BETA2 cvs tag.
+ * debian/patches/*: Refresh patches.
+ * debian/libnss3-1d.symbols: Add new symbol versions.
+ * debian/rules: Bump shlibs.
+
+ -- Mike Hommey <glandium@debian.org> Fri, 17 Dec 2010 15:01:31 +0100
+
+nss (3.12.8-1) unstable; urgency=low
+
+ * New upstream release.
+ * debian/patches/*: Refresh patches.
+ * debian/patches/series:
+ + lower-dhe-priority.patch: Upstream patch from bz#583337 to lower DHE
+ priority. Closes: #592315.
+
+ -- Mike Hommey <glandium@debian.org> Thu, 07 Oct 2010 08:50:48 +0200
+
+nss (3.12.8~b2-1) experimental; urgency=low
+
+ * New upstream snapshot, picked from NSS_3_12_8_BETA2 cvs tag.
+ * debian/patches/*: Refresh patches.
+
+ -- Mike Hommey <glandium@debian.org> Mon, 23 Aug 2010 18:11:12 +0200
+
+nss (3.12.7-1) unstable; urgency=low
+
+ * New upstream release.
+ * debian/patches/*: Refresh patches.
+ * debian/control:
+ - Bump Standards-Version to 3.9.1.0.
+ - Build depend on libnspr4-dev >= 4.8.6.
+ * debian/libnss3-1d.symbols: Simplify symbols file and add new symbols.
+ * debian/rules: Bump shlibs.
+
+ -- Mike Hommey <glandium@debian.org> Fri, 06 Aug 2010 13:55:14 +0200
+
+nss (3.12.6-3) unstable; urgency=low
+
+ * debian/rules:
+ + Sign libnssdbm3.so. Closes: #588806.
+ + Test that the FIPS mode can be properly enabled during build.
+ * debian/control:
+ + Remove conflicts with very old packages.
+ + Bump Standards-Version to 3.9.0.0.
+
+ -- Mike Hommey <glandium@debian.org> Mon, 12 Jul 2010 15:12:24 +0200
+
+nss (3.12.6-2) unstable; urgency=low
+
+ * debian/patches/series:
+ + 00_ckbi_1.79.patch: New patch to update CKBI to 1.79.
+ + 95_add_spi+cacert_ca_certs.patch: Refreshed against CKBI 1.79.
+
+ -- Mike Hommey <glandium@debian.org> Fri, 09 Apr 2010 10:45:01 +0200
+
+nss (3.12.6-1) unstable; urgency=low
+
+ * New upstream release.
+ * debian/patches/*: Refresh patches.
+ * debian/libnss3-1d.symbols, debian/rules: Update symbols file with new
+ symbols and bump shlibs.
+ * debian/patches/97_SSL_RENEGOTIATE_TRANSITIONAL.patch,
+ debian/patches/series: Enable transitional scheme for ssl renegotiation.
+ Closes: #561918.
+ * debian/control:
+ + Bump Standards-Version to 3.8.4.0.
+ + Drop libnss3-1d dependency on dpkg. The versions it didn't really like
+ were between oldstable and stable.
+ + Don't allow different versions of libnss3-1d, libnss3-1d-dbg and
+ libnss3-tools to be installed at the same time.
+ + Add ${misc:Depends} to libnss3-1d-dbg dependencies.
+ * debian/rules: Revert workaround for gcc 4.4 bug on powerpc with -Os.
+ * debian/rules, debian/control, debian/compat: Simplify debian/rules by
+ using dh.
+
+ -- Mike Hommey <glandium@debian.org> Wed, 17 Mar 2010 20:33:32 +0100
+
+nss (3.12.5-2) unstable; urgency=low
+
+ * debian/control:
+ + Remove build dependency on autotools-dev, we don't use it.
+ + libnss3-dev depends on libnspr4-dev >= 4.6.6-1. 4.6.6-1 was the first
+ version where the pkg-config file was nspr.pc instead of
+ xulrunner-nspr.pc. Closes: #567134.
+ * debian/patches/96_NSS_VersionCheck.patch, debian/patches/series:
+ Remove runtime check of NSPR version in NSS_VersionCheck, which seems to
+ be pointless. Closes: #567136.
+
+ -- Mike Hommey <glandium@debian.org> Thu, 28 Jan 2010 12:12:35 +0100
+
+nss (3.12.5-1) unstable; urgency=low
+
+ * New upstream release.
+ * debian/copyright: Modify with new location for the embedded copy of zlib.
+ * debian/patches/*:
+ + Adapt patches to new upstream.
+ + Switch to quilt format
+ * debian/source/format: Switch to 3.0 (quilt) format.
+ * debian/rules, debian/control: Stop using dpatch.
+ * debian/patches/38_intel_aes_executable_stack.patch: Removed. An upstream
+ change in version 3.12.4 obsoleted it.
+ * debian/rules:
+ + Remove DEB_{BUILD,HOST}_* variables, they are not used.
+ + Use DEB_BUILD_ARCH_BITS to determine whether to build with USE_64 or not.
+ + Ship more tools in libnss3-tools. Closes: #526267.
+ + Work around gcc 4.4 bug on powerpc with -Os.
+ + Force non parallel build. There are too many race conditions in the
+ build system to support parallel builds. Closes: #536248.
+ + Bump shlibs.
+ * debian/control:
+ + Bump Standards-Version to 3.8.3.0.
+ + Build-depend on dpkg-dev (>= 1.15.4) for DEB_BUILD_ARCH_BITS.
+ + Stricter dependency between libnss3-dev and libnss3-1d.
+ * debian/libnss3-1d.symbols:
+ + Add new symbols.
+ + Remove debian revision for symbols added in 3.12.4.
+ * debian/patches/38_hurd.patch: Fix FTBFS on Hurd due to PATH_MAX usage in
+ unix_rand.c. Closes: #550995.
+
+ -- Mike Hommey <glandium@debian.org> Fri, 18 Dec 2009 11:48:14 +0100
+
+nss (3.12.4-1) unstable; urgency=low
+
+ * New upstream release.
+ * debian/patches/38_kbsd.dpatch:
+ + Use CHECK_FORK_PTHREAD on kfreebsd and hurd. Closes: #547301.
+ + Adapt to upstream changes.
+ * debian/patches/95_add_spi+cacert_ca_certs.dpatch,
+ * debian/patches/81_sonames.dpatch: Adapt to upstream changes.
+ * debian/libnss3-1d.symbols: Update symbols file with new symbols.
+ * debian/rules: Bumped shlibs.
+
+ -- Mike Hommey <glandium@debian.org> Sun, 11 Oct 2009 01:26:14 +0200
+
+nss (3.12.3.1-1) unstable; urgency=low
+
+ * New upstream release.
+ * debian/patches/95_add_spi+cacert_ca_certs.dpatch, Adapted to upstream
+ changes.
+
+ -- Mike Hommey <glandium@debian.org> Fri, 21 Aug 2009 23:47:24 +0200
+
+nss (3.12.3-1) unstable; urgency=low
+
+ * New upstream release.
+ * debian/watch: Updated to catch new upstream .bz2 tarballs.
+ * debian/copyright: Add information about
+ mozilla/security/corecond/mkdepend.
+ * debian/patches/38_hurd.dpatch, debian/patches/38_kbsd.dpatch: Adapted
+ to upstream changes.
+ * debian/patches/85_security_load.dpatch: Load libsoftokn3.so from
+ /usr/lib/nss when unable to load it from standard ld.so paths in
+ shlibsign.
+ * debian/rules:
+ + Add debian/libnss3-1d/usr/lib/nss to LD_LIBRARY_PATH when running
+ shlibsign during build.
+ + Bumped shlibs.
+ * debian/libnss3-1d.symbols: Update symbols file with new symbols.
+ * debian/control:
+ + Bumped Standards-Version to 3.8.1.0. No changes needed.
+ + Put the libnss3-1d-dbg package in the "debug" section.
+ + Correct libnss3-1d-dbg short description.
+ + Remove redundant section on libnss3-1d.
+ + Build-depend on proper version of debhelper for dh_lintian.
+ * debian/*.lintian-overrides, debian/rules: Install some Lintian
+ overrides with dh_lintian.
+ * debian/patches/38_intel_aes_executable_stack.dpatch: Indicate that
+ we don't need executable stack in intel-aes.s.
+ * debian/patches/00list: Updated accordingly.
+
+ -- Mike Hommey <glandium@debian.org> Sat, 18 Apr 2009 09:37:31 +0200
+
+nss (3.12.2.with.ckbi.1.73-2) unstable; urgency=low
+
+ * mozilla/security/nss/lib/libpkix/pkix_pl_nss/system/pkix_pl_object.h:
+ Apply patch from upstream to fix alignment issues on sparc and ia64.
+ Closes: #509930.
+
+ -- Mike Hommey <glandium@debian.org> Mon, 06 Apr 2009 20:24:01 +0200
+
+nss (3.12.2.with.ckbi.1.73-1) unstable; urgency=low
+
+ * debian/patches/38_kbsd.dpatch: Brown paper bag fix for regression
+ in previous release that led to FTBFS on i386 only. Closes: #513101.
+ Thanks Steffen Joeris, Sebastian Andrzej Siewior and Petr Salinger.
+ * debian/patches/95_add_spi+cacert_ca_certs.dpatch,
+ debian/patches/80_security_tools.dpatch: Adapted to upstream changes.
+ * debian/libnss3-1d.symbols: Update symbols file with new symbols.
+ * debian/rules: Bumped shlibs.
+
+ -- Mike Hommey <glandium@debian.org> Sat, 31 Jan 2009 16:41:26 +0100
+
+nss (3.12.1-1) unstable; urgency=low
+
+ * New upstream release.
+ * debian/patches/95_add_spi+cacert_ca_certs.dpatch,
+ debian/patches/38_mips64_build.dpatch,
+ debian/patches/38_kbsd.dpatch: Adapted to upstream changes.
+ * debian/libnss3-1d.symbols: Update symbols file with new symbols.
+ * debian/rules: Bumped shlibs.
+
+ -- Mike Hommey <glandium@debian.org> Sat, 20 Dec 2008 12:11:28 +0100
+
+nss (3.12.0-5) unstable; urgency=low
+
+ * debian/control:
+ + Conflict with libnss3-0d >= 3.11.5, that has conflicting files in
+ /usr/lib/nss. Older versions (those from etch) don't conflict.
+ This makes updates from old testing smoother. Closes: #492332.
+ + Build-depend on libsqlite3-dev >= 3.3.9, since API introduced in this
+ version is used. Closes: #493191.
+
+ -- Mike Hommey <glandium@debian.org> Sun, 03 Aug 2008 09:42:03 +0200
+
+nss (3.12.0-4) unstable; urgency=low
+
+ * debian/control: Remove conflict with libnss3-0d, it was only useful when
+ libnss3-0d was a transitional package. Closes: #490995.
+
+ -- Mike Hommey <glandium@debian.org> Wed, 16 Jul 2008 21:29:19 +0200
+
+nss (3.12.0-3) unstable; urgency=low
+
+ * debian/rules:
+ + Enable ECC cypher suite. Closes: #490826.
+ + Build with the same optimization level as upstream.
+
+ -- Mike Hommey <glandium@debian.org> Mon, 14 Jul 2008 17:35:25 +0200
+
+nss (3.12.0-2) unstable; urgency=low
+
+ * debian/patches/95_add_spi+cacert_ca_certs.dpatch:
+ + Add CAcert root and class 3 certificates to nssckbi module.
+ + Add SPI Inc. certificate to nssckbi module.
+ Thanks to Martin F Krafft for these. Closes: #309564.
+ * debian/patches/00list: Updated accordingly.
+
+ -- Mike Hommey <glandium@debian.org> Sat, 12 Jul 2008 18:26:09 +0200
+
+nss (3.12.0-1) unstable; urgency=low
+
+ * New upstream release.
+ * debian/patches/92_ocsp.dpatch: Removed, as applied upstream.
+ * debian/patches/00list: Updated accordingly.
+ * debian/control:
+ + Bumped Standards-Version to 3.8.0.1. No changes needed.
+ + Added Vcs-Browser and Vcs-Git fields.
+ + libnss3-dev don't need explicit version dependency on libnss3-1d.
+ + libnss3-dev depends on libnspr4-dev. Closes: #488402.
+ + Make the -dbg package less a hassle for manual installations with dpkg.
+ + libnss3-1d depends on version of dpkg that either don't support symbols
+ files or has fix for #474079.
+ * debian/patches/85_security_load.dpatch: Load files from /usr/lib/nss if
+ given reference path is only a filename, which happens when freebl is
+ statically linked in a binary executable, such as signtool, and the
+ executable is run from $PATH. When the executable is run using a full
+ path, we must replace /bin/ in the path with /lib/ to find the libraries.
+ Closes: #483774.
+ * debian/libnss3-1d.symbols: Re-enable symbols file.
+
+ -- Mike Hommey <glandium@debian.org> Sat, 05 Jul 2008 10:19:53 +0200
+
+nss (3.12.0~rc3-3) unstable; urgency=low
+
+ * debian/control: Make libnss3-0d conflict with old libnss3, which can
+ still be installed on some systems, though it hasn't been in the archive
+ since sarge. Closes: #485080.
+
+ -- Mike Hommey <glandium@debian.org> Sun, 08 Jun 2008 14:11:13 +0200
+
+nss (3.12.0~rc3-2) unstable; urgency=low
+
+ * debian/patches/92_ocsp.dpatch: Apply patches from bz433594 and bz#433386,
+ which are applied in upstream RC4 (and are the only changes), to fix
+ crashes under some conditions with OCSP checks.
+ * debian/patches/00list: Updated accordingly.
+ * debian/libnss3-dev.links, debian/libnss3-1d.links: Don't install so
+ files in the -dev package but in the library package. It will allow
+ external applications linked against upstream nss to work on Debian with
+ system nss libraries, and will avoid all browsers to have to implement
+ symlinks themselves to allow some external plugins to work properly.
+ * debian/control: Make libnss3-1d conflict with older versions of
+ libnss3-dev and libnss3-dev need newer libnss3-1d accordingly.
+
+ -- Mike Hommey <glandium@debian.org> Sat, 07 Jun 2008 11:57:55 +0200
+
+nss (3.12.0~rc3-1) unstable; urgency=low
+
+ * New upstream snapshot, picked from NSS_3_12_RC3 cvs tag.
+
+ -- Mike Hommey <glandium@debian.org> Sun, 11 May 2008 16:58:17 +0200
+
+nss (3.12.0~beta3-1) unstable; urgency=low
+
+ * New upstream snapshot, picked from NSS_3_12_BETA3 cvs tag.
+ * debian/control: Turn Homepage indications in descriptions into a
+ control field.
+ * debian/patches/91_build_pwdecrypt.dpatch: Enable building and installing
+ pwdecrypt. Thanks Paul Wise. Closes: #472303.
+ * debian/patches/00list: Updated accordingly.
+ * debian/libnss3-1d.symbols: Update symbols file with new symbols and rename
+ the file, so that it isn't used, as a workaround to #474079.
+ Closes: #474007.
+ * debian/rules: Bumped shlibs.
+
+ -- Mike Hommey <glandium@debian.org> Tue, 08 Apr 2008 21:23:53 +0200
+
+nss (3.12.0~beta2-1) unstable; urgency=low
+
+ * New upstream snapshot, picked from NSS_3_12_BETA2 cvs tag.
+ * debian/patches/10_3.11.7_symbol_fix.dpatch: Removed, as applied upstream.
+ * debian/patches/38_kbsd.dpatch: Adapted to upstream changes.
+ * debian/patches/81_sonames.dpatch: Add SO_VERSION to libnssutil3.
+ * debian/libnss3-dev.links: Add link for libnssutil3.
+ * debian/libnss3-1d.symbols: Update symbols file with new symbols. Note that
+ SEC_StringToOID disappeared (well, was moved to nssutil), compared to
+ version 3.12.0~1.9b1, but it was a new symbol, and isn't used anywhere.
+ * debian/nss.pc.in, debian/nss-config.in: Add libnssutil3 support.
+ * debian/rules:
+ + Bumped shlibs.
+ + Don't generate libsoftokn3.so.0d.
+ * debian/control:
+ + Remove transitional libnss3-0d package.
+ + Bumped Standards-Version to 3.7.3.0. No changes needed.
+ + Build depend on libnspr4-dev >= 4.7.0 (we *do* need the RTM version, and
+ not the preceding betas)
+ * debian/libnss3-0d.*: Removed.
+ * debian/patches/85_security_load.dpatch: Load files from $ORIGIN/nss before
+ those of $ORIGIN. Closes: #469079.
+ * debian/patches/38_hurd.dpatch: Fix FTBFS on Hurd because of MAXPATHLEN.
+ Closes: #419529.
+ * debian/patches/00list: Updated accordingly.
+
+ -- Mike Hommey <glandium@debian.org> Fri, 07 Mar 2008 21:27:54 +0100
+
+nss (3.12.0~1.9b1-2) unstable; urgency=low
+
+ * debian/control: libnss3-1-dbg needs to conflict with older libnss3-0d-dbg,
+ as it overwrites so of its files. Closes: #455875.
+ * debian/patches/90_realpath.dpatch: Use realpath() in
+ loader_GetOriginalPathname, so that symlinks are properly followed when
+ determining where the current library lives.
+ * debian/patches/00list: Updated accordingly.
+ * debian/patches/85_security_load.dpatch: When the module given by the
+ caller contains a directory name, remove it so that the module can be
+ properly loaded. Closes: #456296.
+
+ -- Mike Hommey <glandium@debian.org> Sun, 16 Dec 2007 11:06:03 +0100
+
+nss (3.12.0~1.9b1-1) unstable; urgency=low
+
+ * New upstream snapshot, picked from FIREFOX_3_0b1_RELEASE cvs tag.
+ * debian/copyright: Add licensing information about the recently added
+ sqlite copy in the source tree.
+ * debian/control:
+ + Build depend on libsqlite3-dev.
+ + Rename all -0d packages to -1d, but keep a transitional -0d package,
+ since all libraries are compatible (except for the removed one).
+ + Make libnss3-1d conflict with older libnss3-0d.
+ * debian/patches/38_kbsd.dpatch, debian/patches/81_sonames.dpatch:
+ Adapted to upstream changes.
+ * debian/patches/81_sonames.dpatch:
+ + Remove SO version from libsoftokn3, now it is not linked against
+ anymore, but dlloaded.
+ + Remove the hacks to have shlibsign and the signature verification code
+ handle the SO version in the file name.
+ + Bump SO version to 1d.
+ * debian/rules:
+ + Add NSS_USE_SYSTEM_SQLITE=1 to the make options.
+ + Install libsoftokn3 and the new libnssdbm3 in /usr/lib/nss.
+ + Run shlibsign on libsoftokn3 in /usr/lib/nss, without a SO version.
+ + For some reason, build-stamp was missing in install-stamp dependencies.
+ + Bumped shlibs because of new symbols, and pass -c4 to dpkg-gensymbols,
+ so that it fails in all cases where the symbols file is not up to date.
+ + Adapt upstream version pattern matching so that the ~1.9b1 part is
+ removed.
+ + Install .1d libraries in -1d packages.
+ + Create a dummy libsoftokn3.so.0d library, installed in the libnss3-0d
+ package.
+ * debian/libnss3-0d.links:
+ + Remove links in /usr/lib/xulrunner. The workaround they were
+ implementing is going to be done another way.
+ + Add .0d links to .1d libraries.
+ * debian/libnss3-dev.links:
+ + Don't put a symlink for libsoftokn3.
+ + .so files now link to .1d libraries.
+ * debian/patches/80_security_build.dpatch: Remove the hack to load libfreebl
+ from /usr/lib/nss.
+ * debian/patches/85_security_load.dpatch: Load modules from $ORIGIN/nss.
+ * debian/patches/10_3.11.7_symbol_fix.dpatch: Fix a symbol version. Stolen
+ from bz#325672.
+ * debian/patches/00list: Updated accordingly.
+ * debian/libnss3-0d.dirs: Renamed to libnss3-1d.dirs.
+
+ -- Mike Hommey <glandium@debian.org> Sat, 08 Dec 2007 10:53:02 +0100
+
+nss (3.11.7-1) unstable; urgency=low
+
+ * New upstream release, picked from NSS_3_11_7_RTM cvs tag.
+ * debian/patches/38_kbsd.dpatch: Also add support for the Hurd.
+ Closes: #419529.
+ * debian/rules:
+ + Don't fail on clean with unpatched ruleset. Closes: #421542.
+ + Bumped shlibs because of new symbols.
+ * debian/patches/81_sonames.dpatch: Adapted to upstream changes.
+
+ -- Mike Hommey <glandium@debian.org> Sun, 01 Jul 2007 11:29:06 +0200
+
+nss (3.11.5-3) unstable; urgency=low
+
+ * Upload to unstable.
+
+ -- Mike Hommey <glandium@debian.org> Mon, 09 Apr 2007 20:37:25 +0200
+
+nss (3.11.5-2) experimental; urgency=low
+
+ * debian/rules:
+ + Cleaner way to set the NSPR location.
+ + Install libcrmf.a files in libnss3-dev.
+ + binary-indep now does nothing.
+ * debian/control: Make libnss3-dev an Arch: any package.
+ * debian/nss.pc.in:
+ + Remove libsoftokn3 from ld libraries.
+ + Improvement in directories setting.
+ * debian/libnss3-dev.dirs: Create /usr/bin.
+ * debian/nss-config.in, debian/rules: Install a nss-config script into
+ libnss3-dev.
+
+ -- Mike Hommey <glandium@debian.org> Tue, 27 Mar 2007 20:41:11 +0200
+
+nss (3.11.5-1) experimental; urgency=low
+
+ * Initial release. (Closes: #416151)
+
+ -- Mike Hommey <glandium@debian.org> Sun, 25 Mar 2007 23:56:17 +0200
diff --git a/debian/control b/debian/control
new file mode 100644
index 0000000..307a6ba
--- /dev/null
+++ b/debian/control
@@ -0,0 +1,64 @@
+Source: nss
+Section: libs
+Priority: optional
+Maintainer: Maintainers of Mozilla-related packages <team+pkg-mozilla@tracker.debian.org>
+Uploaders: Mike Hommey <glandium@debian.org>
+Build-Depends: debhelper-compat (= 13),
+ dpkg-dev (>= 1.17.14),
+ libnspr4-dev (>= 2:4.34),
+ zlib1g-dev,
+ libsqlite3-dev (>= 3.3.9),
+ libnss3-tools:native (>= 2:3.19-1-1~) <cross>
+Standards-Version: 4.6.0
+Homepage: https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS
+Rules-Requires-Root: no
+Vcs-Git: https://salsa.debian.org/mozilla-team/nss.git
+Vcs-Browser: https://salsa.debian.org/mozilla-team/nss
+
+Package: libnss3
+Architecture: any
+Pre-Depends: ${misc:Pre-Depends}
+Depends: ${shlibs:Depends},
+ ${misc:Depends}
+Multi-Arch: same
+Description: Network Security Service libraries
+ This is a set of libraries designed to support cross-platform development
+ of security-enabled client and server applications. It can support SSLv2
+ and v4, TLS, PKCS #5, #7, #11, #12, S/MIME, X.509 v3 certificates and
+ other security standards.
+
+Package: libnss3-tools
+Section: admin
+Architecture: any
+Depends: ${shlibs:Depends},
+ ${misc:Depends}
+Description: Network Security Service tools
+ This is a set of tools on top of the Network Security Service libraries.
+ This package includes:
+ * certutil: manages certificate and key databases (cert7.db and key3.db)
+ * modutil: manages the database of PKCS11 modules (secmod.db)
+ * pk12util: imports/exports keys and certificates between the cert/key
+ databases and files in PKCS12 format.
+ * shlibsign: creates .chk files for use in FIPS mode.
+ * signtool: creates digitally-signed jar archives containing files and/or
+ code.
+ * ssltap: proxy requests for an SSL server and display the contents of
+ the messages exchanged between the client and server.
+Homepage: http://www.mozilla.org/projects/security/pki/nss/tools/
+
+Package: libnss3-dev
+Section: libdevel
+Architecture: any
+Depends: ${misc:Depends},
+ libnss3 (= ${binary:Version}),
+ libnspr4-dev (>= 4.6.6-1)
+Breaks: libxmlsec1-dev (<< 1.2.33-1~)
+Multi-Arch: same
+Description: Development files for the Network Security Service libraries
+ This is a set of libraries designed to support cross-platform development
+ of security-enabled client and server applications. It can support SSLv2
+ and v4, TLS, PKCS #5, #7, #11, #12, S/MIME, X.509 v3 certificates and
+ other security standards.
+ .
+ Install this package if you wish to develop your own programs using the
+ Network Security Service Libraries.
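Review bot: The `libnss3-dev` dependency `libnspr4-dev (>= 4.6.6-1)` carries no epoch, while the Build-Depends stanza of this same file requires `libnspr4-dev (>= 2:4.34)`. Any epoch-2 version sorts above 4.6.6-1, so the constraint restricts nothing in practice. If the installed NSS headers need the same NSPR level as the build (likely, but not shown in this hunk), the line should read `libnspr4-dev (>= 2:4.34)`, so that a partial upgrade cannot pair new NSS headers with an older NSPR. Separately, both long descriptions advertise "SSLv2 and v4", a protocol version that does not exist; for a crypto library the text should name the protocol versions the shipped build really enables. The libnss3-tools description also lists only the legacy `cert7.db`/`key3.db`/`secmod.db` files.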
diff --git a/debian/copyright b/debian/copyright
new file mode 100644
index 0000000..ff87d56
--- /dev/null
+++ b/debian/copyright
@@ -0,0 +1,85 @@
+Format: https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/
+Upstream-Name: NSS
+Source: http://ftp.mozilla.org/pub/security/nss/releases/
+
+Files: *
+Copyright: 1994-2000 Netscape Communications Corporation.
+License: MPL-2.0
+ On Debian systems the full text of the MPL-2.0 can be found in
+ /usr/share/common-licenses/MPL-2.0.
+
+Files: nss/lib/zlib/*
+Copyright: 1995-2004 Jean-loup Gailly and Mark Adler
+License: Zlib
+ This software is provided 'as-is', without any express or implied
+ warranty. In no event will the authors be held liable for any damages
+ arising from the use of this software.
+ .
+ Permission is granted to anyone to use this software for any purpose,
+ including commercial applications, and to alter it and redistribute it
+ freely, subject to the following restrictions:
+ .
+ 1. The origin of this software must not be misrepresented; you must not
+ claim that you wrote the original software. If you use this software
+ in a product, an acknowledgment in the product documentation would be
+ appreciated but is not required.
+ 2. Altered source versions must be plainly marked as such, and must not be
+ misrepresented as being the original software.
+ 3. This notice may not be removed or altered from any source distribution.
+ .
+ Jean-loup Gailly Mark Adler
+ jloup@gzip.org madler@alumni.caltech.edu
+ .
+ If you use the zlib library in a product, we would appreciate *not*
+ receiving lengthy legal documents to sign. The sources are provided
+ for free but without warranty of any kind. The library has been
+ entirely written by Jean-loup Gailly and Mark Adler; it does not
+ include third-party code.
+ .
+ If you redistribute modified sources, we would appreciate that you include
+ in the file ChangeLog history information documenting your changes. Please
+ read the FAQ for more information on the distribution of modified source
+ versions.
+
+Files: nss/lib/dbm/*
+Copyright: 1991, 1993, 1994 The Regents of the University of California.
+License: BSD-3
+ Copyright (c) 1991, 1993, 1994
+ The Regents of the University of California. All rights reserved.
+ .
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions
+ are met:
+ 1. Redistributions of source code must retain the above copyright
+ notice, this list of conditions and the following disclaimer.
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+ 3. ***REMOVED*** - see
+ ftp://ftp.cs.berkeley.edu/pub/4bsd/README.Impt.License.Change"
+ 4. Neither the name of the University nor the names of its contributors
+ may be used to endorse or promote products derived from this software
+ without specific prior written permission.
+ .
+ THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ SUCH DAMAGE.
+
+Files: nss/lib/sqlite/sqlite3.c
+ nss/lib/sqlite/sqlite3.h
+Copyright: D. Richard Hipp <drh@hwaci.com>
+License: public-domain
+ The author disclaims copyright to this source code. In place of
+ a legal notice, here is a blessing:
+ .
+ May you do good and not evil.
+ May you find forgiveness for yourself and forgive others.
+ May you share freely, never taking more than you give.
diff --git a/debian/libnss3-dev.dirs b/debian/libnss3-dev.dirs
new file mode 100644
index 0000000..a49329f
--- /dev/null
+++ b/debian/libnss3-dev.dirs
@@ -0,0 +1,2 @@
+usr/bin
+usr/include/nss
diff --git a/debian/libnss3-tools.dirs b/debian/libnss3-tools.dirs
new file mode 100644
index 0000000..e772481
--- /dev/null
+++ b/debian/libnss3-tools.dirs
@@ -0,0 +1 @@
+usr/bin
diff --git a/debian/libnss3-tools.manpages b/debian/libnss3-tools.manpages
new file mode 100644
index 0000000..9242b2c
--- /dev/null
+++ b/debian/libnss3-tools.manpages
@@ -0,0 +1 @@
+dist/man/*.1
diff --git a/debian/libnss3.lintian-overrides.in b/debian/libnss3.lintian-overrides.in
new file mode 100644
index 0000000..79d5ef2
--- /dev/null
+++ b/debian/libnss3.lintian-overrides.in
@@ -0,0 +1,23 @@
+# ABI compatibility is ensured upstream, and the SO version, if it needed
+# a change at any time, would be a change in the library name. There is
+# no reason to make compatibility more difficult with other distros and
+# upstream binary releases.
+libnss3: shared-library-lacks-version usr/lib/@DEB_HOST_MULTIARCH_WC@/libnss3.so libnss3.so
+libnss3: shared-library-lacks-version usr/lib/@DEB_HOST_MULTIARCH_WC@/libssl3.so libssl3.so
+libnss3: shared-library-lacks-version usr/lib/@DEB_HOST_MULTIARCH_WC@/libnssutil3.so libnssutil3.so
+libnss3: shared-library-lacks-version usr/lib/@DEB_HOST_MULTIARCH_WC@/libsmime3.so libsmime3.so
+libnss3: shared-library-lacks-version usr/lib/@DEB_HOST_MULTIARCH_WC@/libfreebl3.so libfreebl3.so
+libnss3: shared-library-lacks-version usr/lib/@DEB_HOST_MULTIARCH_WC@/libfreeblpriv3.so libfreeblpriv3.so
+libnss3: shared-library-lacks-version usr/lib/@DEB_HOST_MULTIARCH_WC@/libsoftokn3.so libsoftokn3.so
+libnss3: shared-library-lacks-version usr/lib/@DEB_HOST_MULTIARCH_WC@/libnssdbm3.so libnssdbm3.so
+libnss3: shared-library-lacks-version usr/lib/@DEB_HOST_MULTIARCH_WC@/libnssckbi.so libnssckbi.so
+libnss3: lacks-unversioned-link-to-shared-library usr/lib/@DEB_HOST_MULTIARCH_WC@/libnss3.so usr/lib/@DEB_HOST_MULTIARCH_WC@/libnss3.so
+libnss3: lacks-unversioned-link-to-shared-library usr/lib/@DEB_HOST_MULTIARCH_WC@/libssl3.so usr/lib/@DEB_HOST_MULTIARCH_WC@/libssl3.so
+libnss3: lacks-unversioned-link-to-shared-library usr/lib/@DEB_HOST_MULTIARCH_WC@/libnssutil3.so usr/lib/@DEB_HOST_MULTIARCH_WC@/libnssutil3.so
+libnss3: lacks-unversioned-link-to-shared-library usr/lib/@DEB_HOST_MULTIARCH_WC@/libsmime3.so usr/lib/@DEB_HOST_MULTIARCH_WC@/libsmime3.so
+libnss3: lacks-unversioned-link-to-shared-library usr/lib/@DEB_HOST_MULTIARCH_WC@/libfreebl3.so usr/lib/@DEB_HOST_MULTIARCH_WC@/libfreebl3.so
+libnss3: lacks-unversioned-link-to-shared-library usr/lib/@DEB_HOST_MULTIARCH_WC@/libfreeblpriv3.so usr/lib/@DEB_HOST_MULTIARCH_WC@/libfreeblpriv3.so
+libnss3: lacks-unversioned-link-to-shared-library usr/lib/@DEB_HOST_MULTIARCH_WC@/libsoftokn3.so usr/lib/@DEB_HOST_MULTIARCH_WC@/libsoftokn3.so
+libnss3: lacks-unversioned-link-to-shared-library usr/lib/@DEB_HOST_MULTIARCH_WC@/libnssdbm3.so usr/lib/@DEB_HOST_MULTIARCH_WC@/libnssdbm3.so
+libnss3: lacks-unversioned-link-to-shared-library usr/lib/@DEB_HOST_MULTIARCH_WC@/libnssckbi.so usr/lib/@DEB_HOST_MULTIARCH_WC@/libnssckbi.so
+
diff --git a/debian/libnss3.symbols b/debian/libnss3.symbols
new file mode 100644
index 0000000..8cae665
--- /dev/null
+++ b/debian/libnss3.symbols
@@ -0,0 +1,172 @@
+libfreebl3.so libnss3 #MINVER#
+* Build-Depends-Package: libnss3-dev
+ (symver)NSSRAWHASH_3.12.3 2:3.13.4-2~
+ (symver)NSSprivate_3.11 2:3.13.4-2~
+libfreeblpriv3.so libnss3 #MINVER#
+* Build-Depends-Package: libnss3-dev
+ (symver)NSSprivate_3.11 2:3.24
+ (symver)NSSprivate_3.16 2:3.24
+libnss3.so libnss3 #MINVER#
+* Build-Depends-Package: libnss3-dev
+ CERT_EncodeSubjectKeyID@NSS_3.12 2:3.13.4-2~
+ CERT_GetClassicOCSPDisabledPolicy@NSS_3.12 2:3.13.4-2~
+ CERT_GetClassicOCSPEnabledHardFailurePolicy@NSS_3.12 2:3.13.4-2~
+ CERT_GetClassicOCSPEnabledSoftFailurePolicy@NSS_3.12 2:3.13.4-2~
+ CERT_GetPKIXVerifyNistRevocationPolicy@NSS_3.12 2:3.13.4-2~
+ CERT_GetUsePKIXForValidation@NSS_3.12 2:3.13.4-2~
+ CERT_GetValidDNSPatternsFromCert@NSS_3.12 2:3.13.4-2~
+ CERT_NewTempCertificate@NSS_3.12 2:3.13.4-2~
+ CERT_SetOCSPTimeout@NSS_3.12 2:3.13.4-2~
+ CERT_SetUsePKIXForValidation@NSS_3.12 2:3.13.4-2~
+ HASH_GetType@NSS_3.12 2:3.13.4-2~
+ (symver)NSS_3.10 2:3.13.4-2~
+ (symver)NSS_3.10.2 2:3.13.4-2~
+ (symver)NSS_3.11 2:3.13.4-2~
+ (symver)NSS_3.11.1 2:3.13.4-2~
+ (symver)NSS_3.11.2 2:3.13.4-2~
+ (symver)NSS_3.11.7 2:3.13.4-2~
+ (symver)NSS_3.11.9 2:3.13.4-2~
+ (symver)NSS_3.12 2:3.13.4-2~
+ (symver)NSS_3.12.1 2:3.13.4-2~
+ (symver)NSS_3.12.10 2:3.13.4-2~
+ (symver)NSS_3.12.3 2:3.13.4-2~
+ (symver)NSS_3.12.4 2:3.13.4-2~
+ (symver)NSS_3.12.5 2:3.13.4-2~
+ (symver)NSS_3.12.6 2:3.13.4-2~
+ (symver)NSS_3.12.7 2:3.13.4-2~
+ (symver)NSS_3.12.9 2:3.13.4-2~
+ (symver)NSS_3.13 2:3.13.4-2~
+ (symver)NSS_3.13.2 2:3.13.4-2~
+ (symver)NSS_3.14 2:3.14
+ (symver)NSS_3.14.1 2:3.14.1~beta2
+ (symver)NSS_3.14.3 2:3.14.3
+ (symver)NSS_3.15 2:3.15
+ (symver)NSS_3.15.4 2:3.15.4
+ (symver)NSS_3.16.1 2:3.16.1
+ (symver)NSS_3.16.2 2:3.16.2
+ (symver)NSS_3.18 2:3.18
+ (symver)NSS_3.19 2:3.19
+ (symver)NSS_3.19.1 2:3.19.1
+ (symver)NSS_3.2 2:3.13.4-2~
+ (symver)NSS_3.2.1 2:3.13.4-2~
+ (symver)NSS_3.21 2:3.21
+ (symver)NSS_3.22 2:3.22
+ (symver)NSS_3.3 2:3.13.4-2~
+ (symver)NSS_3.3.1 2:3.13.4-2~
+ (symver)NSS_3.30 2:3.30
+ (symver)NSS_3.31 2:3.31
+ (symver)NSS_3.33 2:3.33
+ (symver)NSS_3.34 2:3.34
+ (symver)NSS_3.39 2:3.39
+ (symver)NSS_3.4 2:3.13.4-2~
+ (symver)NSS_3.43 2:3.44.0
+ (symver)NSS_3.44 2:3.44.0
+ (symver)NSS_3.45 2:3.45
+ (symver)NSS_3.47 2:3.47
+ (symver)NSS_3.5 2:3.13.4-2~
+ (symver)NSS_3.52 2:3.52
+ (symver)NSS_3.53 2:3.53
+ (symver)NSS_3.55 2:3.55
+ (symver)NSS_3.58 2:3.58
+ (symver)NSS_3.59 2:3.59
+ (symver)NSS_3.6 2:3.13.4-2~
+ (symver)NSS_3.62 2:3.62
+ (symver)NSS_3.65 2:3.65
+ (symver)NSS_3.66 2:3.66
+ (symver)NSS_3.7 2:3.13.4-2~
+ (symver)NSS_3.7.1 2:3.13.4-2~
+ (symver)NSS_3.77 2:3.77
+ (symver)NSS_3.79 2:3.79
+ (symver)NSS_3.8 2:3.13.4-2~
+ (symver)NSS_3.9 2:3.13.4-2~
+ (symver)NSS_3.9.2 2:3.13.4-2~
+ (symver)NSS_3.9.3 2:3.13.4-2~
+ NSS_InitWithMerge@NSS_3.12 2:3.13.4-2~
+ PK11_CreateGenericObject@NSS_3.12 2:3.13.4-2~
+ PK11_CreateMergeLog@NSS_3.12 2:3.13.4-2~
+ PK11_CreatePBEV2AlgorithmID@NSS_3.12 2:3.13.4-2~
+ PK11_DestroyMergeLog@NSS_3.12 2:3.13.4-2~
+ PK11_GetPBECryptoMechanism@NSS_3.12 2:3.13.4-2~
+ PK11_IsRemovable@NSS_3.12 2:3.13.4-2~
+ PK11_MergeTokens@NSS_3.12 2:3.13.4-2~
+ PK11_WriteRawAttribute@NSS_3.12 2:3.13.4-2~
+ SEC_PKCS5IsAlgorithmPBEAlgTag@NSS_3.12 2:3.13.4-2~
+libnssckbi.so libnss3 #MINVER#
+* Build-Depends-Package: libnss3-dev
+ (symver)NSS_3.1 2:3.13.4-2~
+libnssdbm3.so libnss3 #MINVER#
+* Build-Depends-Package: libnss3-dev
+ (symver)NSSDBM_3.12 2:3.13.4-2~
+libnssutil3.so libnss3 #MINVER#
+* Build-Depends-Package: libnss3-dev
+ (symver)NSSUTIL_3.12 2:3.13.4-2~
+ (symver)NSSUTIL_3.12.3 2:3.13.4-2~
+ (symver)NSSUTIL_3.12.5 2:3.13.4-2~
+ (symver)NSSUTIL_3.12.7 2:3.13.4-2~
+ (symver)NSSUTIL_3.13 2:3.13.4-2~
+ (symver)NSSUTIL_3.14 2:3.14
+ (symver)NSSUTIL_3.15 2:3.15
+ (symver)NSSUTIL_3.17.1 2:3.17.1
+ (symver)NSSUTIL_3.21 2:3.21
+ (symver)NSSUTIL_3.24 2:3.24
+ (symver)NSSUTIL_3.25 2:3.29
+ (symver)NSSUTIL_3.31 2:3.31
+ (symver)NSSUTIL_3.33 2:3.33
+ (symver)NSSUTIL_3.38 2:3.38
+ (symver)NSSUTIL_3.39 2:3.39
+ (symver)NSSUTIL_3.59 2:3.59
+ (symver)NSSUTIL_3.82 2:3.82
+libsmime3.so libnss3 #MINVER#
+* Build-Depends-Package: libnss3-dev
+ (symver)NSS_3.10 2:3.13.4-2~
+ (symver)NSS_3.12.10 2:3.13.4-2~
+ (symver)NSS_3.12.2 2:3.13.4-2~
+ (symver)NSS_3.13 2:3.13.4-2~
+ (symver)NSS_3.15 2:3.15
+ (symver)NSS_3.16 2:3.16
+ (symver)NSS_3.18 2:3.18
+ (symver)NSS_3.2 2:3.13.4-2~
+ (symver)NSS_3.2.1 2:3.13.4-2~
+ (symver)NSS_3.3 2:3.13.4-2~
+ (symver)NSS_3.4 2:3.13.4-2~
+ (symver)NSS_3.4.1 2:3.13.4-2~
+ (symver)NSS_3.6 2:3.13.4-2~
+ (symver)NSS_3.7 2:3.13.4-2~
+ (symver)NSS_3.7.2 2:3.13.4-2~
+ (symver)NSS_3.8 2:3.13.4-2~
+ (symver)NSS_3.9 2:3.13.4-2~
+ (symver)NSS_3.9.3 2:3.13.4-2~
+libsoftokn3.so libnss3 #MINVER#
+* Build-Depends-Package: libnss3-dev
+ (symver)NSS_3.4 2:3.13.4-2~
+ (symver)NSS_3.52 2:3.52
+libssl3.so libnss3 #MINVER#
+* Build-Depends-Package: libnss3-dev
+ (symver)NSS_3.11.4 2:3.13.4-2~
+ (symver)NSS_3.11.8 2:3.13.4-2~
+ (symver)NSS_3.12.10 2:3.13.4-2~
+ (symver)NSS_3.12.6 2:3.13.4-2~
+ (symver)NSS_3.13 2:3.13.4-2~
+ (symver)NSS_3.13.2 2:3.13.4-2~
+ (symver)NSS_3.14 2:3.14
+ (symver)NSS_3.15 2:3.15
+ (symver)NSS_3.15.4 2:3.15.4
+ (symver)NSS_3.2 2:3.13.4-2~
+ (symver)NSS_3.2.1 2:3.13.4-2~
+ (symver)NSS_3.20 2:3.20
+ (symver)NSS_3.21 2:3.21
+ (symver)NSS_3.22 2:3.22
+ (symver)NSS_3.23 2:3.23
+ (symver)NSS_3.24 2:3.24
+ (symver)NSS_3.27 2:3.27
+ (symver)NSS_3.28 2:3.28
+ (symver)NSS_3.30 2:3.30
+ (symver)NSS_3.30.0.1 2:3.30
+ (symver)NSS_3.33 2:3.33
+ (symver)NSS_3.4 2:3.13.4-2~
+ (symver)NSS_3.7.4 2:3.13.4-2~
+ (symver)NSS_3.77 2:3.77
+ (symver)NSS_3.80 2:3.80
+ SSL_GetCipherSuiteInfo@NSS_3.4 2:3.44.0
+ SSL_GetChannelInfo@NSS_3.4 2:3.66
+ SSL_GetPreliminaryChannelInfo@NSS_3.21 2:3.44.0
diff --git a/debian/make.mk b/debian/make.mk
new file mode 100644
index 0000000..ae5346c
--- /dev/null
+++ b/debian/make.mk
@@ -0,0 +1,13 @@
+lazy = $(eval $(1) = $$(if $$(___$(1)),,$$(eval ___$(1) := $(2)))$$(___$(1)))
+lc = $(subst A,a,$(subst B,b,$(subst C,c,$(subst D,d,$(subst E,e,$(subst F,f,$(subst G,g,$(subst H,h,$(subst I,i,$(subst J,j,$(subst K,k,$(subst L,l,$(subst M,m,$(subst N,n,$(subst O,o,$(subst P,p,$(subst Q,q,$(subst R,r,$(subst S,s,$(subst T,t,$(subst U,u,$(subst V,v,$(subst W,w,$(subst X,x,$(subst Y,y,$(subst Z,z,$1))))))))))))))))))))))))))
+uc = $(subst a,A,$(subst b,B,$(subst c,C,$(subst d,D,$(subst e,E,$(subst f,F,$(subst g,G,$(subst h,H,$(subst i,I,$(subst j,J,$(subst k,K,$(subst l,L,$(subst m,M,$(subst n,N,$(subst o,O,$(subst p,P,$(subst q,Q,$(subst r,R,$(subst s,S,$(subst t,T,$(subst u,U,$(subst v,V,$(subst w,W,$(subst x,X,$(subst y,Y,$(subst z,Z,$1))))))))))))))))))))))))))
+
+__VARS := $(.VARIABLES)
+
+dump:
+ @$(foreach var,$(sort $(filter-out $(__VARS) __VARS preprocess ___%,$(.VARIABLES))),echo '$(var) = $(subst ','\'',$(subst \,\\,$($(var))))';)
+
+dump-%:
+ @echo $($*)
+
+.PHONY: dump
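Review bot: The `dump-%` recipe pastes the variable's value unquoted into the shell command (`@echo $($*)`), so any `;`, backtick, `$(...)` or glob character in the value is interpreted by the shell instead of being printed. The `dump` target just above already single-quotes and escapes each value; `dump-%` should do the same, for example `@printf '%s\n' '$(subst ','\'',$($*))'`. This matters because debian/rules fills several of these variables from `dpkg-buildflags` and the environment, and its `LDFLAGS` argument deliberately carries `$$(ARCHFLAG)`-style text.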
diff --git a/debian/nss.pc.in b/debian/nss.pc.in
new file mode 100644
index 0000000..57cf3eb
--- /dev/null
+++ b/debian/nss.pc.in
@@ -0,0 +1,11 @@
+prefix=/usr
+exec_prefix=${prefix}
+libdir=${exec_prefix}/lib/@DEB_HOST_MULTIARCH@
+includedir=${prefix}/include/nss
+
+Name: NSS
+Description: Mozilla Network Security Services
+Version: @VERSION@
+Requires: nspr
+Libs: -L${libdir} -lnss3 -lnssutil3 -lsmime3 -lssl3
+Cflags: -I${includedir}
diff --git a/debian/patches/38_hppa.patch b/debian/patches/38_hppa.patch
new file mode 100644
index 0000000..99c9970
--- /dev/null
+++ b/debian/patches/38_hppa.patch
@@ -0,0 +1,17 @@
+Description: fix double definition of BYTE_ORDER on hppa
+Author: Helge Deller <deller@gmx.de>
+Bug-Debian: https://bugs.debian.org/808990
+
+Index: nss/nss/lib/dbm/include/mcom_db.h
+===================================================================
+--- nss.orig/nss/lib/dbm/include/mcom_db.h
++++ nss/nss/lib/dbm/include/mcom_db.h
+@@ -110,7 +110,7 @@ typedef PRUint32 uint32;
+ #endif /* !BYTE_ORDER */
+ #endif /* __sun */
+
+-#if defined(__hpux) || defined(__hppa)
++#if defined(__hpux)
+ #define BYTE_ORDER BIG_ENDIAN
+ #define BIG_ENDIAN 4321
+ #define LITTLE_ENDIAN 1234 /* LSB first: i386, vax, all NT risc */
diff --git a/debian/patches/38_hurd.patch b/debian/patches/38_hurd.patch
new file mode 100644
index 0000000..91b5442
--- /dev/null
+++ b/debian/patches/38_hurd.patch
@@ -0,0 +1,59 @@
+## 38_hurd.patch by <glandium@debian.org>
+##
+## All lines beginning with `## DP:' are a description of the patch.
+## DP: Fix FTBFS on Hurd because of MAXPATHLEN
+
+Index: nss/nss/cmd/shlibsign/shlibsign.c
+===================================================================
+--- nss.orig/nss/cmd/shlibsign/shlibsign.c
++++ nss/nss/cmd/shlibsign/shlibsign.c
+@@ -725,7 +725,6 @@ main(int argc, char **argv)
+ #ifdef USES_LINKS
+ int ret;
+ struct stat stat_buf;
+- char link_buf[MAXPATHLEN + 1];
+ char *link_file = NULL;
+ #endif
+
+@@ -1068,10 +1067,22 @@ main(int argc, char **argv)
+ }
+ if (S_ISLNK(stat_buf.st_mode)) {
+ char *dirpath, *dirend;
+- ret = readlink(input_file, link_buf, sizeof(link_buf) - 1);
+- if (ret < 0) {
+- perror(input_file);
+- goto cleanup;
++ char *link_buf = NULL;
++ size_t size = 64;
++ while (1) {
++ link_buf = realloc(link_buf, size);
++ if (!link_buf) {
++ perror(input_file);
++ goto cleanup;
++ }
++ ret = readlink(input_file, link_buf, size - 1);
++ if (ret < 0) {
++ perror(input_file);
++ goto cleanup;
++ }
++ if (ret < size - 1)
++ break;
++ size *= 2;
+ }
+ link_buf[ret] = 0;
+ link_file = mkoutput(input_file);
+Index: nss/nss/lib/freebl/unix_rand.c
+===================================================================
+--- nss.orig/nss/lib/freebl/unix_rand.c
++++ nss/nss/lib/freebl/unix_rand.c
+@@ -843,6 +843,10 @@ RNG_FileForRNG(const char *fileName)
+ #define _POSIX_PTHREAD_SEMANTICS
+ #include <dirent.h>
+
++#ifndef PATH_MAX
++#define PATH_MAX 1024
++#endif
++
+ PRBool
+ ReadFileOK(char *dir, char *file)
+ {
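Review bot: In the new `while (1)` loop of the shlibsign.c hunk, `link_buf = realloc(link_buf, size)` overwrites the only pointer to the buffer, so a failed `realloc` leaks the previous allocation. Both `goto cleanup` paths also leave `link_buf` allocated. Because `link_buf` is now declared inside the `if (S_ISLNK(...))` block, code at the `cleanup` label presumably cannot free it. `ret < size - 1` also compares the `int ret` with a `size_t`; an explicit cast after the `ret < 0` check keeps that comparison unambiguous. `main()` continues outside the hunk, so whether `link_buf` is freed after `mkoutput()` is not visible here and should be checked too.

```c
char *link_buf = NULL;
size_t size = 64;
while (1) {
    char *grown = realloc(link_buf, size);
    if (!grown) {
        perror(input_file);
        free(link_buf);
        goto cleanup;
    }
    link_buf = grown;
    ret = readlink(input_file, link_buf, size - 1);
    if (ret < 0) {
        perror(input_file);
        free(link_buf);
        goto cleanup;
    }
    if ((size_t)ret < size - 1)
        break;
    size *= 2;
}
/* … unchanged: NUL-termination of link_buf and the mkoutput() call … */
```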
diff --git a/debian/patches/80_security_tools.patch b/debian/patches/80_security_tools.patch
new file mode 100644
index 0000000..50f994f
--- /dev/null
+++ b/debian/patches/80_security_tools.patch
@@ -0,0 +1,26 @@
+## 80_security_tools.patch by Mike Hommey <glandium@debian.org>
+##
+## All lines beginning with `## DP:' are a description of the patch.
+## DP: Enable building of some NSS tools.
+## DP: Disable rpath.
+
+Index: nss/nss/cmd/platlibs.mk
+===================================================================
+--- nss.orig/nss/cmd/platlibs.mk
++++ nss/nss/cmd/platlibs.mk
+@@ -8,6 +8,7 @@ ifeq ($(BUILD_SUN_PKG), 1)
+ # set RPATH-type linker instructions here so they can be used in the shared
+ # version and in the mixed (static nss libs/shared NSPR libs) version.
+
++ifdef ENABLE_RPATH
+ ifeq ($(OS_ARCH), SunOS)
+ ifeq ($(USE_64), 1)
+ EXTRA_SHARED_LIBS += -R '$$ORIGIN/../lib:/usr/lib/mps/secv1/64:/usr/lib/mps/64'
+@@ -31,6 +32,7 @@ DBMLIB = $(NULL)
+ else
+ DBMLIB = $(DIST)/lib/$(LIB_PREFIX)dbm.$(LIB_SUFFIX)
+ endif
++endif
+
+ ifeq ($(NSS_BUILD_UTIL_ONLY),1)
+ SECTOOL_LIB = $(NULL)
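Review bot: The `endif` added in the second platlibs.mk hunk sits after the `DBMLIB = ...` `else`/`endif` block, not directly after the rpath lines that `ifdef ENABLE_RPATH` is meant to guard. Make pairs conditionals purely by order, and the first hunk header suggests the `ifdef` opens inside `ifeq ($(BUILD_SUN_PKG), 1)`, so the `DBMLIB` assignment appears to end up inside a conditional it was outside of before. The lines between the two hunks are not shown, so this needs confirming against the patched file. Placing the closing line right after the last `EXTRA_SHARED_LIBS` rpath block and labelling it, `endif # ENABLE_RPATH`, would make the intended scope explicit. The patch header's "Enable building of some NSS tools" is not reflected in either hunk and looks stale.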
diff --git a/debian/patches/series b/debian/patches/series
new file mode 100644
index 0000000..9afecb0
--- /dev/null
+++ b/debian/patches/series
@@ -0,0 +1,3 @@
+38_hurd.patch
+80_security_tools.patch
+38_hppa.patch
diff --git a/debian/rules b/debian/rules
new file mode 100755
index 0000000..ce30869
--- /dev/null
+++ b/debian/rules
@@ -0,0 +1,197 @@
+#!/usr/bin/make -f
+include debian/make.mk
+
+export DEB_BUILD_MAINT_OPTIONS = hardening=+all
+
+$(call lazy,DEB_BUILD_ARCH,$$(shell dpkg-architecture -qDEB_BUILD_ARCH))
+$(call lazy,DEB_BUILD_GNU_TYPE,$$(shell dpkg-architecture -qDEB_BUILD_GNU_TYPE))
+$(call lazy,DEB_HOST_ARCH,$$(shell dpkg-architecture -qDEB_HOST_ARCH))
+$(call lazy,DEB_HOST_ARCH_OS,$$(shell dpkg-architecture -qDEB_HOST_ARCH_OS))
+$(call lazy,DEB_HOST_GNU_TYPE,$$(shell dpkg-architecture -qDEB_HOST_GNU_TYPE))
+$(call lazy,DEB_HOST_GNU_CPU,$$(shell dpkg-architecture -qDEB_HOST_GNU_CPU))
+$(call lazy,DEB_HOST_MULTIARCH,$$(shell dpkg-architecture -qDEB_HOST_MULTIARCH))
+$(call lazy,CFLAGS,$$(shell dpkg-buildflags --get CFLAGS))
+$(call lazy,CPPFLAGS,$$(shell dpkg-buildflags --get CPPFLAGS))
+$(call lazy,LDFLAGS,$$(shell dpkg-buildflags --get LDFLAGS))
+
+PREPROCESS_FILES := $(wildcard debian/*.in) nss/pkg/pkg-config/nss-config.in
+PREPROCESSED_FILES := $(addprefix debian/,$(notdir $(PREPROCESS_FILES:.in=)))
+
+$(filter debian/%,$(PREPROCESS_FILES:.in=)): %: %.in
+debian/nss-config: nss/pkg/pkg-config/nss-config.in
+$(PREPROCESSED_FILES):
+ sed 's,/@DEB_HOST_MULTIARCH@,$(DEB_HOST_MULTIARCH:%=/%),g;$(EXTRA_REPLACES)' $< > $@
+
+UPSTREAM_VERSION := $(shell dpkg-parsechangelog | sed -n 's/^Version: *\([0-9]*:\)\?\([0-9.]*+really\)\?\([^~]*\)\(~.*\)\?-.*$$/\3/ p')
+MOD_MAJOR_VERSION := $(word 1, $(subst ., ,$(UPSTREAM_VERSION)))
+MOD_MINOR_VERSION := $(word 2, $(subst ., ,$(UPSTREAM_VERSION)))
+MOD_PATCH_VERSION := $(or $(word 3, $(subst ., ,$(UPSTREAM_VERSION))),0)
+
+debian/nss.pc: EXTRA_REPLACES := s/@VERSION@/$(UPSTREAM_VERSION)/
+debian/nss-config: EXTRA_REPLACES := s/@MOD_MAJOR_VERSION@/$(MOD_MAJOR_VERSION)/;s/@MOD_MINOR_VERSION@/$(MOD_MINOR_VERSION)/;s/@MOD_PATCH_VERSION@/$(MOD_PATCH_VERSION)/;s/@prefix@/\/usr/
+debian/libnss3.lintian-overrides: EXTRA_REPLACES := s,/@DEB_HOST_MULTIARCH_WC@,$(DEB_HOST_MULTIARCH:%=/*),g
+
+TOOLCHAIN :=
+
+ifneq ($(DEB_HOST_ARCH),$(DEB_BUILD_ARCH))
+ifeq ($(origin CC),default)
+TOOLCHAIN += CC=$(DEB_HOST_GNU_TYPE)-gcc
+endif
+ifeq ($(origin CXX),default)
+CXX := $(DEB_HOST_GNU_TYPE)-g++
+TOOLCHAIN += CXX=$(CXX)
+endif
+TOOLCHAIN += CCC=$(CXX)
+ifeq ($(origin RANLIB),default)
+TOOLCHAIN += RANLIB=$(DEB_HOST_GNU_TYPE)-ranlib
+endif
+TOOLCHAIN += OS_TEST=$(DEB_HOST_GNU_CPU)
+TOOLCHAIN += KERNEL=$(DEB_HOST_ARCH_OS)
+endif
+
+# $(foreach foo,$(list),$(call cmd,some command $(foo))) expands to
+# some command first-elem
+# some command second-elem
+# etc.
+# This avoid using a long one liner with semi colons.
+define cmd
+$(1)
+
+endef
+
+CFLAGS += -Wall -pipe
+
+DISTDIR := $(CURDIR)/dist
+
+COMMON_MAKE_FLAGS := \
+ $(and $(filter terse,$(DEB_BUILD_OPTIONS)),-s) \
+ SOURCE_PREFIX=$(DISTDIR) \
+ SOURCE_MD_DIR=$(DISTDIR) \
+ DIST=$(DISTDIR) \
+ OBJDIR_NAME=OBJS \
+ $(and $(filter 64,$(shell dpkg-architecture -qDEB_HOST_ARCH_BITS)),USE_64=1) \
+ $(and $(filter x32,$(shell dpkg-architecture -qDEB_HOST_ARCH)),USE_X32=1) \
+ $(NULL)
+
+# Disable -Werror on less mainline architectures.
+ifneq (,$(filter-out i386 x86_64 aarch64,$(DEB_HOST_GNU_CPU)))
+COMMON_MAKE_FLAGS += NSS_ENABLE_WERROR=0
+endif
+
+NSS_TOOLS := \
+ certutil \
+ chktest \
+ cmsutil \
+ crlutil \
+ derdump \
+ httpserv \
+ modutil \
+ ocspclnt \
+ p7content \
+ p7env \
+ p7sign \
+ p7verify \
+ pk12util \
+ pk1sign \
+ pwdecrypt \
+ rsaperf \
+ selfserv \
+ shlibsign \
+ signtool \
+ signver \
+ ssltap \
+ strsclnt \
+ symkeyutil \
+ tstclnt \
+ vfychain \
+ vfyserv \
+ $(NULL)
+
+override_dh_auto_build:
+ $(MAKE) -C nss/coreconf/nsinstall \
+ $(COMMON_MAKE_FLAGS) \
+ CC=$(DEB_BUILD_GNU_TYPE)-gcc \
+ ARCHFLAG=
+
+ $(MAKE) -C nss \
+ all \
+ $(COMMON_MAKE_FLAGS) \
+ MOZILLA_CLIENT=1 \
+ NSPR_INCLUDE_DIR=/usr/include/nspr \
+ NSPR_LIB_DIR=/usr/lib/$(DEB_HOST_MULTIARCH) \
+ BUILD_OPT=1 \
+ NS_USE_GCC=1 \
+ OPTIMIZER="$(CFLAGS) $(CPPFLAGS)" \
+ LDFLAGS='$(LDFLAGS) $$(ARCHFLAG) $$(ZDEFS_FLAG)' \
+ DSO_LDOPTS='-shared $$(LDFLAGS)' \
+ NSS_USE_SYSTEM_SQLITE=1 \
+ NSS_ENABLE_ECC=1 \
+ CHECKLOC= \
+ $(TOOLCHAIN)
+
+override_dh_auto_clean:
+ -$(MAKE) -C nss \
+ clobber \
+ $(COMMON_MAKE_FLAGS) \
+ BUILD_OPT=1
+
+ rm -rf $(DISTDIR) $(PREPROCESSED_FILES)
+
+manpage = $(addsuffix .1,$(addprefix nss/doc/nroff/,$(1)))
+
+override_dh_auto_install: $(PREPROCESSED_FILES)
+ install -m 755 -d debian/libnss3/usr/lib/$(DEB_HOST_MULTIARCH) debian/libnss3-dev/usr/lib/$(DEB_HOST_MULTIARCH)/pkgconfig
+ install -m 644 -t debian/libnss3/usr/lib/$(DEB_HOST_MULTIARCH) \
+ $(DISTDIR)/lib/libnss3.so \
+ $(DISTDIR)/lib/libnssutil3.so \
+ $(DISTDIR)/lib/libsmime3.so \
+ $(DISTDIR)/lib/libssl3.so \
+ $(DISTDIR)/lib/libfreebl3.so \
+ $(DISTDIR)/lib/libfreeblpriv3.so \
+ $(DISTDIR)/lib/libsoftokn3.so \
+ $(DISTDIR)/lib/libnssdbm3.so \
+ $(DISTDIR)/lib/libnssckbi.so
+
+ install -m 644 -t debian/libnss3-dev/usr/include/nss \
+ $(DISTDIR)/public/nss/*
+ install -m 644 -t debian/libnss3-dev/usr/lib/$(DEB_HOST_MULTIARCH) \
+ $(DISTDIR)/lib/libcrmf.a
+ install -m 644 -t debian/libnss3-dev/usr/lib/$(DEB_HOST_MULTIARCH)/pkgconfig debian/nss.pc
+ install -m 755 -t debian/libnss3-dev/usr/bin debian/nss-config
+
+ install -m 755 -t debian/libnss3-tools/usr/bin $(addprefix $(DISTDIR)/bin/,$(NSS_TOOLS))
+ install -m 755 -d $(DISTDIR)/man
+ install -m 644 -t $(DISTDIR)/man $(wildcard $(call manpage,$(NSS_TOOLS)))
+
+ # these utilities are too generically-named, so we prefix them with nss- (see http://bugs.debian.org/701141)
+ $(foreach bin, \
+ addbuiltin \
+ dbtest \
+ pp \
+ , \
+ $(call cmd,install -m 755 -T $(DISTDIR)/bin/$(bin) debian/libnss3-tools/usr/bin/nss-$(bin)) \
+ $(if $(wildcard $(call manpage,$(bin))),$(call cmd,install -m 644 -T $(call manpage,$(bin)) $(DISTDIR)/man/nss-$(bin).1)))
+
+ifeq ($(DEB_HOST_ARCH),$(DEB_BUILD_ARCH))
+SHLIBSIGN = LD_LIBRARY_PATH=debian/libnss3/usr/lib/$(DEB_HOST_MULTIARCH) debian/libnss3-tools/usr/bin/shlibsign
+else
+SHLIBSIGN = shlibsign
+endif
+
+override_dh_strip:
+ dh_strip
+ $(foreach lib,libsoftokn3.so libfreebl3.so libfreeblpriv3.so libnssdbm3.so, \
+ $(call cmd,umask 022; $(SHLIBSIGN) -v -i debian/libnss3/usr/lib/$(DEB_HOST_MULTIARCH)/$(lib)))
+
+ifeq ($(DEB_HOST_ARCH),$(DEB_BUILD_ARCH))
+ # Check FIPS mode correctly works
+ mkdir debian/tmp
+ LD_LIBRARY_PATH=debian/libnss3/usr/lib/$(DEB_HOST_MULTIARCH) debian/libnss3-tools/usr/bin/modutil -create -dbdir debian/tmp < /dev/null
+ LD_LIBRARY_PATH=debian/libnss3/usr/lib/$(DEB_HOST_MULTIARCH) debian/libnss3-tools/usr/bin/modutil -fips true -dbdir debian/tmp < /dev/null
+endif
+
+override_dh_makeshlibs:
+ dh_makeshlibs -a -- -c4
+
+%:
+ dh $@
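Review bot: In the cross-build branch, `SHLIBSIGN = shlibsign` resolves through the build machine's PATH, and the FIPS check in `override_dh_strip` is dropped by the same `ifeq ($(DEB_HOST_ARCH),$(DEB_BUILD_ARCH))`. Whatever `shlibsign -v -i` writes for libsoftokn3, libfreebl3, libfreeblpriv3 and libnssdbm3 therefore comes from an unpinned tool and is never exercised at build time. A comment at the `else` would record that for the next maintainer, e.g. `# cross build: uses the build machine's shlibsign from PATH; the FIPS self-check below is skipped`. In the native branch, `mkdir debian/tmp` fails when an earlier run left the directory behind; `mkdir -p debian/tmp` keeps the check re-runnable.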
diff --git a/debian/source/format b/debian/source/format
new file mode 100644
index 0000000..163aaf8
--- /dev/null
+++ b/debian/source/format
@@ -0,0 +1 @@
+3.0 (quilt)
diff --git a/debian/upstream/metadata b/debian/upstream/metadata
new file mode 100644
index 0000000..1f4f9ec
--- /dev/null
+++ b/debian/upstream/metadata
@@ -0,0 +1,4 @@
+---
+Repository: https://hg.mozilla.org/projects/nss
+Bug-Database: https://bugzilla.mozilla.org/buglist.cgi?product=NSS&component=Libraries&resolution=---
+Bug-Submit: https://bugzilla.mozilla.org/enter_bug.cgi?product=NSS&component=Libraries
diff --git a/debian/watch b/debian/watch
new file mode 100644
index 0000000..f0a7711
--- /dev/null
+++ b/debian/watch
@@ -0,0 +1,3 @@
+version=4
+opts=dirversionmangle=s/\.$// \
+https://archive.mozilla.org/pub/security/nss/releases/NSS_(?:(\d)_(\d+)(?:_(\d+))?)_RTM/src/nss-([\d\.]+)\.tar\.(?:bz2|gz)